CVE-2016-4354

Опубликовано: 13 июн. 2016

Источник: debian

Описание

ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libksba	fixed	1.3.3-1		package
libksba	fixed	1.3.2-1+deb8u1	jessie	package
libksba	no-dsa		wheezy	package
libksba	no-dsa		squeeze	package

Примечания

https://www.openwall.com/lists/oss-security/2015/04/13/5
https://www.openwall.com/lists/oss-security/2016/04/29/5
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887

Связанные уязвимости

CVE-2016-4354

CVSS3: 7.5

ubuntu

больше 9 лет назад

ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.

CVE-2016-4354

redhat

почти 11 лет назад

ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.

CVE-2016-4354

CVSS3: 7.5

nvd

больше 9 лет назад

ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.

GHSA-35f2-fx5v-8568

CVSS3: 7.5

github

больше 3 лет назад

ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.