CVE-2016-4354

Опубликовано: 08 апр. 2015

Источник: redhat

CVSS2: 5.1

Описание

ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	libksba	Will not fix
Red Hat Enterprise Linux 6	libksba	Will not fix
Red Hat Enterprise Linux 7	libksba	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-190->CWE-119

https://bugzilla.redhat.com/show_bug.cgi?id=1211260libksba: integer overflow in the BER decoder src/ber-decoder.c (ber_decoder_s)

5.1 Medium

CVSS2

Связанные уязвимости

CVE-2016-4354

CVSS3: 7.5

ubuntu

больше 9 лет назад

ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.

CVE-2016-4354

CVSS3: 7.5

nvd

больше 9 лет назад

ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.

CVE-2016-4354

CVSS3: 7.5

debian

больше 9 лет назад

ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data t ...

GHSA-35f2-fx5v-8568

CVSS3: 7.5

github

больше 3 лет назад

ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.

5.1 Medium

CVSS2