Libksba
by Gnupg
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-4356 | High | 0.49 | 7.5 | 0.01 | | Jun 13, 2016 | The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data. |
| CVE-2016-4355 | High | 0.49 | 7.5 | 0.01 | | Jun 13, 2016 | Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. |
| CVE-2016-4354 | High | 0.49 | 7.5 | 0.01 | | Jun 13, 2016 | ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. |
| CVE-2014-9087 | | 0.00 | — | 0.04 | | Dec 1, 2014 | Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. |