PT-2022-6026 · Libksba+10

Elttam +1 · Published 2022-10-17 · Updated 2025-06-11 · CVE-2022-47629

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Libksba versions prior to 1.6.3

Description

The issue is an integer overflow vulnerability in the CRL signature parser. A remote attacker can exploit it by sending specially crafted data to the application, causing an integer overflow and potentially allowing the execution of arbitrary code on the target system.

Recommendations

For versions prior to 1.6.3, update to version 1.6.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the CRL signature parser until a patch is available.

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2023:0625
ALSA-2023:0626
ALT-PU-2022-7646
ALT-PU-2025-7370
AZL-12104
BDU:2022-07478
CESA-2023_0530
CESA-2023_0625
CVE-2022-47629
DLA-3248-1
DSA-5305-1
MGASA-2022-0485
OESA-2022-2157
OESA-2022-2158
OESA-2022-2159
OESA-2023-1158
OPENSUSE-SU-2023_0056-1
OPENSUSE-SU-2024:12595-1
RHSA-2023:0530
RHSA-2023:0592
RHSA-2023:0593
RHSA-2023:0594
RHSA-2023:0624
RHSA-2023:0625
RHSA-2023:0626
RHSA-2023:0629
RHSA-2023:0859
RHSA-2023_0530
RHSA-2023_0625
RHSA-2023_0626
RLSA-2023:0625
RLSA-2023:0626
ROSA-SA-2023-2129
ROSA-SA-2023-2170
SUSE-SU-2023:0031-1
SUSE-SU-2023:0031-2
SUSE-SU-2023:0056-1
SUSE-SU-2023:0056-2
SUSE-SU-2023_0031-1
SUSE-SU-2023_0031-2
SUSE-SU-2023_0056-1
SUSE-SU-2023_0056-2
USN-5787-1
USN-5787-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Libksba
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu