CVE-2016-4355

Published: Jun 13, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.

Affected (3)

Products: Gnupg: Libksba · Canonical: Ubuntu Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnupg Libksba	Up to 1.3.2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (10)

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=aea7b6032865740478ca4b706850a5217f1c3887

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2016/04/29/5

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2016/04/29/8

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2982-1

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201604-04

Source: secalert@redhat.com

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=aea7b6032865740478ca4b706850a5217f1c3887