oss-sec mailing list archives

CVE request: libksba out-of-bounds read remote DOS issue fixed in 1.3.4


From: Andreas Stieger <astieger () suse com>
Date: Tue, 10 May 2016 20:08:05 +0200

libksba 1.3.4 was released with the following in NEWS:

* Fixed two OOB read access bugs which could be used to force a DoS.

The first is http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64

> Fix possible read access beyond the buffer.
>
> * src/ber-help.c (_ksba_ber_parse_tl): Add extra sanity check.
> * src/cert.c (ksba_cert_get_cert_policies): Check TLV given length
> against buffer length.
> (ksba_cert_get_ext_key_usages): Ditto.
> * src/ocsp.c (parse_asntime_into_isotime): Ditto.
> --
>
> The returned length of the object from _ksba_ber_parse_tl (ti.length)
> was not always checked against the actual buffer length, thus leading
> to a read access after the end of the buffer and thus a segv.
>
> GnuPG-bug-id: 2344
> Reported-by: Pascal Cuoq
> Signed-off-by: Werner Koch <wk () gnupg org>



The second (6be61daac047d8e6aa941eb103f8e71a1d4e3c75
<http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=6be61daac047d8e6aa941eb103f8e71a1d4e3c75>) was 
already assigned CVE-2016-4574 (incomplete fix for CVE-2016-4356) elsethread.
http://seclists.org/oss-sec/2016/q2/300

Could a CVE be assigned to this issue?

Andreas

-- 
Andreas Stieger <astieger () suse com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)
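
The kind of check the quoted commit message describes (a parsed TLV length compared against the bytes actually left in the buffer), as an added illustration that is not part of the original message and not libksba's code. `parse_tl_checked`, `struct tlv` and the sample byte arrays are hypothetical names and constructed inputs.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names; not libksba's code or API. */
struct tlv {
    uint8_t tag;      /* identifier octet (single-byte tags only) */
    size_t hdr_len;   /* bytes used by tag + length octets */
    size_t length;    /* declared length of the value */
};

/* Parse one BER tag/length header from buf[0..buflen). Returns 0 on success,
 * -1 if the header is truncated, uses a form not handled here, or declares
 * a value longer than the bytes remaining in the buffer. */
int parse_tl_checked(const uint8_t *buf, size_t buflen, struct tlv *out)
{
    size_t pos = 0, len = 0;
    if (buflen < 2)
        return -1;                  /* need tag + one length octet */
    out->tag = buf[pos++];
    if ((out->tag & 0x1f) == 0x1f)
        return -1;                  /* multi-byte tags not handled here */
    uint8_t first = buf[pos++];
    if (first < 0x80) {
        len = first;                /* short form */
    } else {
        size_t n = first & 0x7f;    /* long form: n length octets follow */
        if (n == 0 || n > sizeof(size_t) || n > buflen - pos)
            return -1;              /* indefinite, too wide, or truncated */
        while (n--)
            len = (len << 8) | buf[pos++];
    }
    /* Compare against the remainder so that pos + len cannot wrap around. */
    if (len > buflen - pos)
        return -1;
    out->hdr_len = pos;
    out->length = len;
    return 0;
}

/* Constructed inputs: one well-formed OCTET STRING, two over-long lengths. */
static const uint8_t sample_ok[]   = { 0x04, 0x03, 'a', 'b', 'c' };
static const uint8_t sample_long[] = { 0x04, 0x7f, 'a', 'b', 'c' };
static const uint8_t sample_lf[]   = { 0x04, 0x82, 0x01, 0x00, 'a' };

int main(void) {
    struct tlv t;   /* exit status 0 when all three cases behave as expected */
    return !(parse_tl_checked(sample_ok, sizeof sample_ok, &t) == 0
          && parse_tl_checked(sample_long, sizeof sample_long, &t) == -1
          && parse_tl_checked(sample_lf, sizeof sample_lf, &t) == -1);
}
```

A caller that skips the final comparison and reads `length` bytes after the header walks past the end of the buffer on the second and third inputs.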

