CVE-2016-0758

CWE-120 — Classic Buffer Overflow20 documents10 sources

Severity

7.8HIGH

EPSS

0.1%

top 64.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Canonical Ubuntu Linux Redhat Enterprise Linux Desktop +6 more

Timeline

PublishedJun 27

Latest updateMay 17

Description

Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

▶NVDlinux/linux_kernel3.7 — 3.12.60+3

▶Debianlinux< 4.5.4-1+3

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

▶NVDredhat/enterprise_linux_hpc_node7.0, 7.2+1

Also affects: Ubuntu Linux 16.04, Enterprise Linux 7.2

🔴Vulnerability Details

GHSA

GHSA-jfqq-mmmm-xrc9: Integer overflow in lib/asn1_decoder↗2022-05-17

▶

CVEList

CVE-2016-0758: Integer overflow in lib/asn1_decoder↗2016-06-27

▶

OSV

CVE-2016-0758: Integer overflow in lib/asn1_decoder↗2016-06-27

▶

OSV

linux vulnerabilities↗2016-05-16

▶

Kernel

KEYS: Fix ASN.1 indefinite length object parsing↗2016-02-23

▶

📋Vendor Advisories

Android

CVE-2016-0758: Android Security Bulletin 2016-10-01 CVE: CVE-2016-0758 Severity: CRITICAL References: A-29814470 Upstream kernel↗2016-10-01

▶

Ubuntu

Linux kernel vulnerability↗2016-05-16

▶

Ubuntu

Linux kernel (Raspberry Pi 2) vulnerability↗2016-05-16

▶

Ubuntu

Linux kernel (Xenial HWE) vulnerabilities↗2016-05-16

▶

Ubuntu

Linux kernel (Wily HWE) vulnerabilities↗2016-05-16

▶

💬Community

Bugzilla

CVE-2016-0758 kernel: tags with indefinite length can corrupt pointers in asn1_find_indefinite_length() [fedora-all]↗2016-05-12

▶

Bugzilla

CVE-2016-0758 kernel: tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()↗2016-01-20

▶