CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-47629 – libksba: integer overflow to code execution
https://notcve.org/view.php?id=CVE-2022-47629
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. Libksba anterior a 1.6.3 es propenso a sufrir una vulnerabilidad de desbordamiento de enteros en el analizador de firmas CRL. A vulnerability was found in the Libksba library, due to an integer overflow within the CRL's signature parser. This issue can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment. • https://dev.gnupg.org/T6284 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070 https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html https://security.gentoo.org/glsa/202212-07 https://security.netapp.com/advisory/ntap-20230316-0011 https://www.debian.org/security/2022/dsa-5305 https://access.redhat.com/security/cve/CVE-2022-47629 https://bugzilla.redhat.com/show_bug.cgi?id=2161571 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 2CVE-2022-3515 – GnuPG libksba CRL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-3515
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GnuPG libksba. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of CRL files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. • https://access.redhat.com/security/cve/CVE-2022-3515 https://bugzilla.redhat.com/show_bug.cgi?id=2135610 https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b https://security.netapp.com/advisory/ntap-20230706-0008 https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2016-4353
https://notcve.org/view.php?id=CVE-2016-4353
ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data. ber-decoder.c en Libksba en versiones anteriores a 1.3.3 no maneja correctamente el decodificador de desbordamiento de pila, lo que permite a atacantes remotos provocar una denegación de servicio (abortado) a través de una información BER manipulada. • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=07116a314f4dcd4d96990bbd74db95a03a9f650a http://www.openwall.com/lists/oss-security/2016/04/29/5 http://www.openwall.com/lists/oss-security/2016/04/29/8 http://www.ubuntu.com/usn/USN-2982-1 https://security.gentoo.org/glsa/201604-04 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2016-4354
https://notcve.org/view.php?id=CVE-2016-4354
ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. ber-decoder.c en Libksba en versiones anteriores a 1.3.3 usa un tipo de información integrada incorrecta, lo que permite a atacantes remotos provocar una denegación de servicio (caída) a través de una información BER manipulada, lo que conduce a un desbordamiento del buffer. • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=aea7b6032865740478ca4b706850a5217f1c3887 http://www.openwall.com/lists/oss-security/2016/04/29/5 http://www.openwall.com/lists/oss-security/2016/04/29/8 http://www.ubuntu.com/usn/USN-2982-1 https://security.gentoo.org/glsa/201604-04 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2016-4355
https://notcve.org/view.php?id=CVE-2016-4355
Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. Múltiples desbordamientos de enteros en ber-decoder.c en Libksba en versiones anteriores a 1.3.3 permiten a atacantes remotos provocar una caída del servicio (caída) a través de una información BER manipulada, lo que conduce a un desbordamiento del buffer. • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=aea7b6032865740478ca4b706850a5217f1c3887 http://www.openwall.com/lists/oss-security/2016/04/29/5 http://www.openwall.com/lists/oss-security/2016/04/29/8 http://www.ubuntu.com/usn/USN-2982-1 https://security.gentoo.org/glsa/201604-04 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •