CVE-2022-47629

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://dev.gnupg.org/T6284	Patch Third Party Advisory
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070
https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202212-07	Third Party Advisory
https://security.netapp.com/advisory/ntap-20230316-0011/
https://www.debian.org/security/2022/dsa-5305	Third Party Advisory
https://dev.gnupg.org/T6284	Patch Third Party Advisory
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070
https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202212-07	Third Party Advisory
https://security.netapp.com/advisory/ntap-20230316-0011/
https://www.debian.org/security/2022/dsa-5305	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnupg:libksba:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

History

21 Nov 2024, 07:32

Type	Values Removed	Values Added
References	~~() https://dev.gnupg.org/T6284 - Patch, Third Party Advisory~~	() https://dev.gnupg.org/T6284 - Patch, Third Party Advisory
References	~~() https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070 -~~	() https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070 -
References	~~() https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html - Mailing List, Third Party Advisory~~	() https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html - Mailing List, Third Party Advisory
References	~~() https://security.gentoo.org/glsa/202212-07 - Third Party Advisory~~	() https://security.gentoo.org/glsa/202212-07 - Third Party Advisory
References	~~() https://security.netapp.com/advisory/ntap-20230316-0011/ -~~	() https://security.netapp.com/advisory/ntap-20230316-0011/ -
References	~~() https://www.debian.org/security/2022/dsa-5305 - Third Party Advisory~~	() https://www.debian.org/security/2022/dsa-5305 - Third Party Advisory

07 Nov 2023, 03:56

Type	Values Removed	Values Added
References	{'url': 'https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070', 'name': 'https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070', 'tags': ['Patch', 'Third Party Advisory'], 'refsource': 'MISC'}	() https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070 -

Information

Published : 2022-12-20 23:15

Updated : 2024-11-21 07:32

NVD link : CVE-2022-47629

Mitre link : CVE-2022-47629

CVE.ORG link : CVE-2022-47629

JSON object : View

Products Affected

debian

debian_linux

gnupg

libksba

CWE

CWE-190

Integer Overflow or Wraparound

9.8 /10