Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Libksba Project Subscribe
Filtered by product Libksba

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9087 5 Canonical, Debian, Gnupg and 2 more 5 Ubuntu Linux, Debian Linux, Gnupg and 2 more 2020-07-14 7.5 HIGH N/A
Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.
CVE-2016-4353 2 Canonical, Libksba Project 2 Ubuntu Linux, Libksba 2019-11-29 5.0 MEDIUM 7.5 HIGH
ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data.
CVE-2016-4354 2 Canonical, Libksba Project 2 Ubuntu Linux, Libksba 2019-11-29 5.0 MEDIUM 7.5 HIGH
ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.
CVE-2016-4355 2 Canonical, Libksba Project 2 Ubuntu Linux, Libksba 2019-11-29 5.0 MEDIUM 7.5 HIGH
Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.
CVE-2016-4356 2 Canonical, Libksba Project 2 Ubuntu Linux, Libksba 2019-11-29 5.0 MEDIUM 7.5 HIGH
The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data.
CVE-2016-4574 3 Canonical, Libksba Project, Opensuse 4 Ubuntu Linux, Libksba, Leap and 1 more 2019-11-29 5.0 MEDIUM 7.5 HIGH
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.
CVE-2016-4579 3 Canonical, Libksba Project, Opensuse 3 Ubuntu Linux, Libksba, Leap 2019-11-29 5.0 MEDIUM 7.5 HIGH
Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."