Integer Overflow Vulnerability in Libksba Affects Open Source Libraries
CVE-2016-4355

7.5HIGH

Key Information:

Vendor

Gnupg

Status
Libksba
Vendor
CVE Published:
13 June 2016

What is CVE-2016-4355?

Multiple integer overflow vulnerabilities in the ber-decoder.c module of Libksba prior to version 1.3.3 allow remote attackers to exploit crafted BER data, leading to a denial of service condition. This can result in an application crash due to a buffer overflow, compromising the stability and availability of services utilizing this library.

References

http://www.ubuntu.com/usn/USN-2982-1
vendor-advisoryx_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2016/04/29/5
mailing-listx_refsource_MLIST
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.