CVE-2022-47629

Опубликовано: 17 окт. 2022

Источник: redhat

CVSS3: 8.6

EPSS Низкий

Описание

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.

A vulnerability was found in the Libksba library, due to an integer overflow within the CRL's signature parser. This issue can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	libksba	Out of support scope
Red Hat Enterprise Linux 7	libksba	Fixed	RHSA-2023:0530	30.01.2023
Red Hat Enterprise Linux 8	libksba	Fixed	RHSA-2023:0625	07.02.2023
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions	libksba	Fixed	RHSA-2023:0593	06.02.2023
Red Hat Enterprise Linux 8.2 Advanced Update Support	libksba	Fixed	RHSA-2023:0592	06.02.2023
Red Hat Enterprise Linux 8.2 Telecommunications Update Service	libksba	Fixed	RHSA-2023:0592	06.02.2023
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions	libksba	Fixed	RHSA-2023:0592	06.02.2023
Red Hat Enterprise Linux 8.4 Extended Update Support	libksba	Fixed	RHSA-2023:0624	07.02.2023
Red Hat Enterprise Linux 8.6 Extended Update Support	libksba	Fixed	RHSA-2023:0594	06.02.2023
Red Hat Enterprise Linux 9	libksba	Fixed	RHSA-2023:0626	07.02.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-190

https://bugzilla.redhat.com/show_bug.cgi?id=2161571libksba: integer overflow to code execution

EPSS

Процентиль: 82%

0.01843

Низкий

8.6 High

CVSS3

Связанные уязвимости

CVE-2022-47629

CVSS3: 9.8

ubuntu

больше 2 лет назад

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.

CVE-2022-47629

CVSS3: 9.8

nvd

больше 2 лет назад

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.

CVE-2022-47629

CVSS3: 9.8

msrc

больше 2 лет назад

Описание отсутствует

CVE-2022-47629

CVSS3: 9.8

debian

больше 2 лет назад

Libksba before 1.6.3 is prone to an integer overflow vulnerability in ...

SUSE-SU-2023:0056-2

suse-cvrf

больше 2 лет назад

Security update for libksba

EPSS

Процентиль: 82%

0.01843

Низкий

8.6 High

CVSS3