Denial of Service Vulnerability in Libksba by GnuPG
CVE-2016-4574

7.5HIGH

Key Information:

Vendor

Gnupg

Status
Libksba
Vendor
CVE Published:
13 June 2016

What is CVE-2016-4574?

An off-by-one error in the append_utf8_value function within the DN decoder of Libksba versions prior to 1.3.4 can be exploited by remote attackers to induce a denial of service through out-of-bounds read operations triggered by invalid UTF-8 encoded data. This vulnerability stems from an incomplete fix for a previous issue, indicating ongoing challenges in securely processing encoding formats.

References

http://www.openwall.com/lists/oss-security/2016/05/10/3
mailing-listx_refsource_MLIST
http://www.ubuntu.com/usn/USN-2982-1
vendor-advisoryx_refsource_UBUNTU
http://lists.opensuse.org/opensuse-updates/2016-06/msg000...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.