CVE-2016-4356
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
13/06/2016
Last modified:
12/04/2025
Description
The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:gnupg:libksba:*:*:*:*:*:*:*:* | 1.3.2 (including) | |
| cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba%3Dcommit%3Bh%3D243d12fdec66a4360fbb3e307a046b39b5b4ffc3
- http://www.openwall.com/lists/oss-security/2016/04/29/5
- http://www.openwall.com/lists/oss-security/2016/04/29/8
- http://www.openwall.com/lists/oss-security/2016/05/10/3
- http://www.ubuntu.com/usn/USN-2982-1
- https://security.gentoo.org/glsa/201604-04
- http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba%3Dcommit%3Bh%3D243d12fdec66a4360fbb3e307a046b39b5b4ffc3
- http://www.openwall.com/lists/oss-security/2016/04/29/5
- http://www.openwall.com/lists/oss-security/2016/04/29/8
- http://www.openwall.com/lists/oss-security/2016/05/10/3
- http://www.ubuntu.com/usn/USN-2982-1
- https://security.gentoo.org/glsa/201604-04