CVE-2006-5111 — Libksba vulnerability

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

1.2%

top 21.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnupg Libksba Debian Libksba Libksba Library

Timeline

PublishedOct 3

Latest updateMay 1

Description

The libksba library 0.9.12 and possibly other versions, as used by gpgsm in the newpg package on SUSE LINUX, allows attackers to cause a denial of service (application crash) via a malformed X.509 certificate in a signature.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDlibksba_library/libksba_library0.9.12

▶debiandebian/libksba< libksba 0.9.14-1 (bookworm)

▶Debiangnupg/libksba< 0.9.14-1+3

Patches

Patch: www.novell.com ↗Patch: www.novell.com ↗Patch: www.novell.com ↗

🔴Vulnerability Details

GHSA

GHSA-hh6w-9c5q-qw82: The libksba library 0↗2022-05-01

▶

OSV

CVE-2006-5111: The libksba library 0↗2006-10-03

▶

📋Vendor Advisories

Ubuntu

libksba vulnerability↗2006-10-16

▶

Debian

CVE-2006-5111: libksba - The libksba library 0.9.12 and possibly other versions, as used by gpgsm in the ...↗2006

▶