MidnightBSD

Advisories for libksba_project

CVE-2022-3515

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.

Products Affected

Vendor Product Version
gnupg vs-desktop *
libksba_project libksba *
gnupg gnupg *
gpg4win gpg4win *
CVE-2022-47629

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
libksba_project libksba *
debian debian_linux 11.0
debian debian_linux 10.0