PT-2016-6031 · Kde+3 · Libksba+3

Pascal Cuoq

Published

2016-05-13

Updated

2024-06-15

CVE-2016-4574

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Libksba versions prior to 1.3.4

Description The issue is caused by an off-by-one error in the append utf8 value function within the DN decoder (dn.c) in Libksba. This error allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data.

Recommendations For versions prior to 1.3.4, update to version 1.3.4 or later to resolve the issue. As a temporary workaround, consider restricting the input of utf-8 encoded data to prevent exploitation.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

ALT-PU-2017-3589

CVE-2016-4574

MGASA-2016-0181

OPENSUSE-SU-2024:10126-1

SUSE-SU-2016:1509-1

SUSE-SU-2016:1510-1

SUSE-SU-2016_1509-1

SUSE-SU-2016_1510-1

SUSE-SU-2017:2699-1

SUSE-SU-2017:2700-1

USN-2982-1

Affected Products

Alt Linux

Libksba

Suse

Ubuntu

PT-2016-6031 · Kde+3 · Libksba+3

CVE-2016-4574

Weakness Enumeration

Related Identifiers

Affected Products

References · 47