PT-2014-8816 · Kde+2 · Libksba+2

Hanno Böck

Publicado

2014-11-26

Atualizado

2024-06-15

CVE-2014-9087

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Libksba versions prior to 1.3.2

Description The issue allows remote attackers to cause a denial of service (crash) via a crafted OID in a S/MIME message or ECC based OpenPGP data, which triggers a buffer overflow. This occurs due to an integer underflow in the ksba oid to str function.

Recommendations For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider restricting the processing of S/MIME messages and ECC based OpenPGP data to minimize the risk of exploitation.

Correção

DoS

Integer Underflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-191

Identificadores relacionados

CVE-2014-9087

DLA-141-1

DSA-3078-1

MGASA-2014-0498

OPENSUSE-SU-2024:10126-1

SUSE-SU-2014_1676-1

SUSE-SU-2015_0030-1

USN-2427-1

Produtos afetados

Libksba

Suse

Ubuntu

PT-2014-8816 · Kde+2 · Libksba+2

CVE-2014-9087

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 35