CVE-2022-3515

Published: Jan 12, 2023Modified: Apr 8, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.

Affected (5)

Products: Gnupg: Libksba, Vs Desktop, Gnupg · Gpg4win: Gpg4win

3 products

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnupg Libksba	Before 1.6.3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Gpg4win Gpg4win	From 2.0.0 to 4.1.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Gnupg Vs Desktop	From 3.1.16 to 3.1.26

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Gnupg Gnupg	From 2.3.0 to 2.4.0
Gnupg Gnupg	From 2.1.0 to 2.2.41

Related CWEs

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (10)

https://access.redhat.com/security/cve/CVE-2022-3515

Source: secalert@redhat.com

PatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2135610

Source: secalert@redhat.com

ExploitIssue TrackingThird Party Advisory

https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b

Source: secalert@redhat.com

ExploitPatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20230706-0008/

Source: secalert@redhat.com

https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/security/cve/CVE-2022-3515

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2135610

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20230706-0008/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.