Integer Overflow Vulnerability in Objective Systems ASN1C for C/C++
CVE-2016-5080

9.8CRITICAL

Key Information:

Vendor

Objective Systems

Status
Asn1c
Vendor
CVE Published:
19 July 2016

What is CVE-2016-5080?

The integer overflow vulnerability in the rtxMemHeapAlloc function of the ASN1C compiler by Objective Systems can be exploited by context-dependent attackers. This flaw allows malicious ASN.1 data to influence the allocation process, potentially leading to arbitrary code execution or triggering a denial of service due to heap-based buffer overflows. Affected applications utilizing ASN1C before version 7.0.2 are particularly at risk, necessitating prompt attention for patching and remediation.

References

https://source.android.com/security/bulletin/2017-01-01.html
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/538952/100/0/threaded
mailing-listx_refsource_BUGTRAQ
https://github.com/programa-stic/security-advisories/tree...
x_refsource_MISC

EPSS Score

40% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.