CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-47629 – libksba: integer overflow to code execution
https://notcve.org/view.php?id=CVE-2022-47629
20 Dec 2022 — Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. Libksba anterior a 1.6.3 es propenso a sufrir una vulnerabilidad de desbordamiento de enteros en el analizador de firmas CRL. A vulnerability was found in the Libksba library, due to an integer overflow within the CRL's signature parser. This issue can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment. The... • https://dev.gnupg.org/T6284 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 2CVE-2022-3515 – GnuPG libksba CRL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-3515
17 Oct 2022 — A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GnuPG libksba. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the i... • https://access.redhat.com/security/cve/CVE-2022-3515 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2016-4355 – Ubuntu Security Notice USN-2982-1
https://notcve.org/view.php?id=CVE-2016-4355
17 May 2016 — Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. Múltiples desbordamientos de enteros en ber-decoder.c en Libksba en versiones anteriores a 1.3.3 permiten a atacantes remotos provocar una caída del servicio (caída) a través de una información BER manipulada, lo que conduce a un desbordamiento del buffer. Hanno Boeck discovered that Libksba incorrectly handled decoding certai... • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=aea7b6032865740478ca4b706850a5217f1c3887 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0CVE-2016-4356 – Ubuntu Security Notice USN-2982-1
https://notcve.org/view.php?id=CVE-2016-4356
17 May 2016 — The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data. La función append_utf8_value en el decodificador DN (dn.c) en Libksba en versiones anteriores a 1.3.3 permite a atacantes remotos provocar una caída de servicio (lectura fuera de rango) borrando el bit del byte después de datos codificados UTF-8 no válidos. Hanno Boeck discovered that L... • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=243d12fdec66a4360fbb3e307a046b39b5b4ffc3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2016-4574 – Ubuntu Security Notice USN-2982-1
https://notcve.org/view.php?id=CVE-2016-4574
17 May 2016 — Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356. El error off-by-one en la función append_utf8_value en el decodificador DN (dn.c) en Libksba en versiones anteriores a 1.3.4 permite a atacantes remotos provocar una caída de servicio (lectura fuera de rango) a través de una c... • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=6be61daac047d8e6aa941eb103f8e71a1d4e3c75 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2016-4579 – Gentoo Linux Security Advisory 201706-22
https://notcve.org/view.php?id=CVE-2016-4579
17 May 2016 — Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl." Libksba en versiones anteriores a 1.3.4 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango y caída) a través de vectores no especificados, relacionado "longitud devuelta del objeto de _ksba_ber_parse_tl". Hanno Boeck discovered that Libksba incorrectly handled decoding cer... • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2016-4353 – Ubuntu Security Notice USN-2982-1
https://notcve.org/view.php?id=CVE-2016-4353
17 May 2016 — ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data. ber-decoder.c en Libksba en versiones anteriores a 1.3.3 no maneja correctamente el decodificador de desbordamiento de pila, lo que permite a atacantes remotos provocar una denegación de servicio (abortado) a través de una información BER manipulada. Hanno Boeck discovered that Libksba incorrectly handled decoding certain BER data. A... • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=07116a314f4dcd4d96990bbd74db95a03a9f650a • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2016-4354 – Ubuntu Security Notice USN-2982-1
https://notcve.org/view.php?id=CVE-2016-4354
17 May 2016 — ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. ber-decoder.c en Libksba en versiones anteriores a 1.3.3 usa un tipo de información integrada incorrecta, lo que permite a atacantes remotos provocar una denegación de servicio (caída) a través de una información BER manipulada, lo que conduce a un desbordamiento del buffer. Hanno Boeck discovered that Libksba in... • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=aea7b6032865740478ca4b706850a5217f1c3887 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0CVE-2014-9087 – Debian Security Advisory 3078-1
https://notcve.org/view.php?id=CVE-2014-9087
28 Nov 2014 — Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. Desbordamiento de enteros en la función ksba_oid_to_str en Libksba anterior a 1.3.2, utilizado en GnuPG, permite a atacantes remotos causar una denegación de servicio (caída) a través de un OID manipulado en (1) un mensaje S/MIME o (2) datos OpenPGP b... • http://advisories.mageia.org/MGASA-2014-0498.html • CWE-191: Integer Underflow (Wrap or Wraparound) •