Integer Overflow Vulnerability in Libksba Affected by GnuPG
CVE-2022-47629

9.8CRITICAL

Key Information:

Vendor: Gnupg
Status: Libksba
Vendor: CVE Published:; 20 December 2022

What is CVE-2022-47629?

The Libksba library versions prior to 1.6.3 contain an integer overflow vulnerability within the CRL signature parser. This flaw may allow attackers to exploit the affected software, potentially leading to unexpected behavior or further exploitation. Users of GnuPG products relying on Libksba should ensure they update to a secure version to mitigate any risks associated with this vulnerability.

References

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3B...

https://dev.gnupg.org/T6284

https://www.debian.org/security/2022/dsa-5305

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2022
Vulnerability Reserved
Dec 20, 2022

CVE-2022-47629 Data

JSON

Gnupg

What is CVE-2022-47629?

References

CVSS V3.1

Timeline