oss-sec mailing list archives

Re: CVE request: libksba out-of-bounds read remote DOS issue fixed in 1.3.4


From: cve-assign () mitre org
Date: Wed, 11 May 2016 11:43:58 -0400 (EDT)

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64

The returned length of the object from _ksba_ber_parse_tl (ti.length)
was not always checked against the actual buffer length, thus leading
to a read access after the end of the buffer

Use CVE-2016-4579.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
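
An added example, not part of the original message and not libksba's code: a minimal tag-length parser in C that compares the declared object length against what is left of the buffer, the check the quoted commit text describes as missing. The names `struct tl`, `parse_tl`, `get_value`, `accepts` and the sample byte strings are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the tag/length info a BER parser returns. */
struct tl { unsigned char tag; size_t nhdr; size_t length; };

/* Parse one single-byte tag and a definite length (short or long form).
   Returns 0 on success, -1 on truncated or unsupported input. */
static int parse_tl(const unsigned char *buf, size_t buflen, struct tl *ti)
{
    size_t i, n;
    if (buflen < 2) return -1;
    ti->tag = buf[0];
    if (!(buf[1] & 0x80)) {              /* short form: length in 7 bits */
        ti->length = buf[1];
        ti->nhdr = 2;
        return 0;
    }
    n = buf[1] & 0x7f;                   /* long form: n length octets follow */
    if (n == 0 || n > sizeof(size_t) || buflen - 2 < n) return -1;
    ti->length = 0;
    for (i = 0; i < n; i++)
        ti->length = (ti->length << 8) | buf[2 + i];
    ti->nhdr = 2 + n;
    return 0;
}

/* Hand out the value pointer only if the declared length fits in the
   rest of the buffer; otherwise a later read of ti->length bytes would
   run past the end. nhdr <= buflen is guaranteed by parse_tl. */
static const unsigned char *get_value(const unsigned char *buf, size_t buflen,
                                      struct tl *ti)
{
    if (parse_tl(buf, buflen, ti)) return NULL;
    if (ti->length > buflen - ti->nhdr) return NULL;  /* declared > actual */
    return buf + ti->nhdr;
}

/* Constructed samples: OCTET STRING (tag 0x04); the second declares
   256 value bytes but only 2 follow the header. */
static const unsigned char sample_ok[]  = { 0x04, 0x03, 'a', 'b', 'c' };
static const unsigned char sample_bad[] = { 0x04, 0x82, 0x01, 0x00, 'a', 'b' };

static int accepts(const unsigned char *b, size_t n)
{
    struct tl ti;
    return get_value(b, n, &ti) != NULL;
}
```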

