CVE-2016-4579

Published: Jun 13, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."

Affected (6)

Products: Gnupg: Libksba · Opensuse: Leap · Canonical: Ubuntu Linux

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnupg Libksba	Up to 1.3.3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.10
Canonical Ubuntu Linux	Version 16.04

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64

Source: security@opentext.com

http://lists.opensuse.org/opensuse-updates/2016-06/msg00028.html

Source: security@opentext.com

http://www.openwall.com/lists/oss-security/2016/05/10/8

Source: security@opentext.com

http://www.openwall.com/lists/oss-security/2016/05/11/10

Source: security@opentext.com

http://www.ubuntu.com/usn/USN-2982-1

Source: security@opentext.com

https://security.gentoo.org/glsa/201706-22

Source: security@opentext.com

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64