CVE-2016-4353

Опубликовано: 13 июн. 2016

Источник: debian

EPSS Низкий

Описание

ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libksba	fixed	1.3.3-1		package
libksba	fixed	1.3.2-1+deb8u1	jessie	package
libksba	no-dsa		wheezy	package
libksba	no-dsa		squeeze	package

Примечания

https://www.openwall.com/lists/oss-security/2015/04/13/5
https://www.openwall.com/lists/oss-security/2016/04/29/5
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a

EPSS

Процентиль: 74%

0.00796

Низкий

Связанные уязвимости

CVE-2016-4353

CVSS3: 7.5

ubuntu

больше 9 лет назад

ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data.

CVE-2016-4353

redhat

почти 11 лет назад

ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data.

CVE-2016-4353

CVSS3: 7.5

nvd

больше 9 лет назад

ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data.

GHSA-qcgh-wvgp-7qgv

CVSS3: 7.5

github

больше 3 лет назад

ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data.

EPSS

Процентиль: 74%

0.00796

Низкий