CVE-2022-3515: Integer Overflow or Wraparound in Libksba

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.2% (top 62.70%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 12, latest update Apr 10

Description

An integer overflow in the CRL (certificate revocation list) parser of the Libksba library allows a remote attacker to achieve code execution in an application that uses the library by supplying specially crafted data, for example a malicious S/MIME attachment. Libksba is the X.509/CMS library used by GnuPG's gpgsm and dirmngr, so hosts that process S/MIME mail or fetch CRLs with those tools are exposed; `gpgsm --version` prints the libksba version it is linked against, which can be compared with the fixed versions listed under Affected Packages below.
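The bug class named in this advisory, shown as an added illustration that is not libksba's code and not a reconstruction of its patch: a minimal BER tag/length parser in C, followed by the naive way a caller might check that a parsed element fits in the remaining buffer (an addition in `size_t` that can wrap) and the hardened form of the same check. The struct and function names (`ber_tl`, `ber_parse_tl`, `naive_fits`, `safe_fits`, `build_crafted_header`, `crafted_wraps_naive_check`) and the sample input are this example's own constructions.

```c
/* Added example, not libksba code: a minimal BER tag/length (TL) parser
 * and the two ways a caller can check that a parsed element fits in the
 * bytes that remain.  All names and the sample input are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct ber_tl {
    unsigned int tag;   /* tag number, class/constructed bits dropped */
    int ndef;           /* 1 for indefinite-length form (0x80) */
    size_t nhdr;        /* octets consumed by tag + length */
    size_t length;      /* declared content length */
};

/* Parse one tag/length pair from buf[0..buflen).  Single-octet tags only
 * (sufficient for X.509/CRL structures).  Returns 0 on success, -1 on
 * truncated or malformed input.  More length octets than fit in size_t
 * are rejected so the accumulation loop itself cannot wrap. */
int ber_parse_tl(const uint8_t *buf, size_t buflen, struct ber_tl *ti)
{
    size_t pos = 0;
    memset(ti, 0, sizeof *ti);
    if (buflen < 2)
        return -1;
    ti->tag = buf[pos++] & 0x1f;
    if (ti->tag == 0x1f)            /* high-tag-number form not handled */
        return -1;
    uint8_t lb = buf[pos++];
    if (lb < 0x80) {                /* short form */
        ti->length = lb;
    } else if (lb == 0x80) {        /* indefinite length */
        ti->ndef = 1;
    } else {                        /* long form: (lb & 0x7f) octets follow */
        size_t count = lb & 0x7f;
        if (count > sizeof(size_t) || count > buflen - pos)
            return -1;
        for (size_t i = 0; i < count; i++)
            ti->length = (ti->length << 8) | buf[pos++];
    }
    ti->nhdr = pos;
    return 0;
}

/* Naive bounds check: nhdr + length is computed in size_t.  When length is
 * close to SIZE_MAX the sum wraps to a small number and the check passes,
 * so the caller goes on to read "length" octets it does not have. */
int naive_fits(const struct ber_tl *ti, size_t avail)
{
    return ti->nhdr + ti->length <= avail;
}

/* Hardened check: confirm the header fits, then compare length against
 * the remainder by subtraction.  No intermediate value can wrap. */
int safe_fits(const struct ber_tl *ti, size_t avail)
{
    if (ti->nhdr > avail)
        return 0;
    return ti->length <= avail - ti->nhdr;
}

/* Constructed input: a SEQUENCE header whose declared length is
 * SIZE_MAX - 5, encoded in long form with sizeof(size_t) octets.
 * Returns the header size (2 + sizeof(size_t)). */
size_t build_crafted_header(uint8_t *out)
{
    size_t n = sizeof(size_t);
    size_t len = SIZE_MAX - 5;
    out[0] = 0x30;                  /* SEQUENCE */
    out[1] = (uint8_t)(0x80 | n);   /* long form, n length octets */
    for (size_t i = 0; i < n; i++)  /* big-endian length octets */
        out[2 + i] = (uint8_t)(len >> (8 * (n - 1 - i)));
    return 2 + n;
}

/* Returns 1 when the crafted header slips past naive_fits() but is
 * rejected by safe_fits(); -1 if parsing unexpectedly fails. */
int crafted_wraps_naive_check(void)
{
    uint8_t buf[64] = {0};
    struct ber_tl ti;
    build_crafted_header(buf);
    if (ber_parse_tl(buf, sizeof buf, &ti) != 0)
        return -1;
    return naive_fits(&ti, sizeof buf) == 1 && safe_fits(&ti, sizeof buf) == 0;
}

int main(void)
{
    printf("crafted header wraps naive check: %d\n",
           crafted_wraps_naive_check());
    return 0;
}
```

On a 64-bit build the crafted header parses to nhdr = 10 and length = 0xFFFFFFFFFFFFFFFA; nhdr + length wraps to 4, so `naive_fits` accepts it against a 64-byte buffer while `safe_fits` rejects it. The same pattern applies to any parser that adds a header size to an attacker-controlled length before comparing against the remaining input: compare by subtraction, or check the length against `SIZE_MAX - nhdr` first.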

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (7 packages; entries shown on this page)

  Source       Package            Affected / fixed versions
  NVD          gnupg/libksba      < 1.6.3
  Debian       gnupg/libksba      < 1.5.0-3+deb11u1+3
  CVEListV5    gnupg/libksba      Fixed in libksba v1.6.2
  NVD          gnupg/gnupg        2.1.0 to 2.2.41+1
  NVD          gpg4win/gpg4win    2.0.0 to 4.1.0

Patches

Vulnerability Details (3)

  OSV      CVE-2022-3515: A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser (2023-01-12)
  GHSA     GHSA-58wq-p76f-6qjh: A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser (2023-01-12)
  CVEList  CVE-2022-3515: A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser (2023-01-12)

Vendor Advisories (7)

  Palo Alto  PAN-SA-2024-0004 Informational Bulletin: OSS CVEs fixed in PAN-OS (2024-04-10)
  CISA ICS   Siemens SCALANCE XCM-/XRM-300 (2024-02-15)
  Microsoft  Repeats the NVD description above (2023-01-10)
  Ubuntu     Libksba vulnerability (2022-10-26)
  Ubuntu     Libksba vulnerability (2022-10-19)