Stack Overflow Vulnerability in Libksba Affects Multiple Users
CVE-2016-4353

7.5HIGH

Key Information:

Vendor

Gnupg

Status
Libksba
Vendor
CVE Published:
13 June 2016

What is CVE-2016-4353?

A flaw in the Libksba library, specifically in the ber-decoder.c component before version 1.3.3, fails to correctly manage decoder stack overflows. This vulnerability could allow remote attackers to exploit the weakness by sending specially crafted BER data, potentially leading to an abrupt denial of service through application aborts.

References

http://www.ubuntu.com/usn/USN-2982-1
vendor-advisoryx_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2016/04/29/5
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/04/29/8
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.