CVE-2016-5080
Published: 2016-07-19
Priority P350 · critical · 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 10.06% (95.0th percentile)
Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | products | — | — |
| android | — | — | |
| objective_systems | asn1c | <= 7.0.1 | — |
CVSS provenance
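| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_cisco | — | 10.0 | CRITICAL | — |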
Android
CVE-2016-5080: Android Security Bulletin 2017-01-01
CVE: CVE-2016-5080
Severity: MEDIUM
References: A-31115235**
vendor_android·2017-01-01·CVSS 9.8
Cisco
Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products
vendor_cisco·2016-07-22·CVSS 10.0
CVE-2016-5080 [CRITICAL] CWE-119 Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products
A vulnerability in the ASN1C compiler by Objective Systems affects Cisco ASR 5000 devices running StarOS and Cisco Virtualized Packet Core (VPC) systems. The vulnerability could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or potentially execute arbitrary code.
The vulnerability is due to unsafe code generation by the ASN1C compiler when creating ASN.1 translation functions that are subsequently included within affected Cisco products. An attacker could exploit this vulnerability by submitting a malicious Abstract Syntax Notation One (ASN.1) encoded message designed to trigger the issue to an affected function.
US-CERT has released Vulnerability Note VU#790839 to documen
GHSA
GHSA-8c5g-jh8w-2ffj: Integer overflow in the rtxMemHeapAlloc function in asn1rt_a
ghsa_unreviewed·2022-05-14
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/137970/Objective-Systems-Inc.-ASN1C-For-C-C-Heap-Memory-Corruption.html
http://seclists.org/fulldisclosure/2016/Jul/65
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160721-asn1c
http://www.kb.cert.org/vuls/id/790839
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/archive/1/538952/100/0/threaded
http://www.securityfocus.com/bid/91836
http://www.securitytracker.com/id/1036386
https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080
https://source.android.com/security/bulletin/2017-01-01.html
https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/NCSC-2016-0650+1.00+Kwetsbaarheid+verholpen+in+ASN1C.html