Bug 2135610 (CVE-2022-3515)
| Field | Value |
|---|---|
| Summary | CVE-2022-3515 libksba: integer overflow may lead to remote code execution |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | high |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Keywords | Reopened, Security |
| Fixed In Version | libksba 1.6.2 |
| Reporter | TEJ RATHI <trathi> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | adudiak, aoconnor, arachman, bdettelb, caswilli, dffrench, dkuc, dpensier, drieden, fjansen, gzaronik, ikanias, jary, jburrell, jjelen, jkoehler, jwong, kaycoth, kshier, lveyde, michal.skrivanek, micjohns, mperina, ngough, psegedy, rgodfrey, rravi, sbonazzo, stcannon, sthirugn, szidek, tcarlin, tfister, thoger, tkasparek, tohughes, tsasak, vkrizan, vmugicag |
| Doc Type | If docs needed, set a value |
| Last Closed | 2023-02-13 09:08:57 UTC |
| Bug Depends On | 2135617, 2135695, 2135696, 2135697, 2135698, 2135699, 2135700, 2135701, 2135702, 2135703, 2135704, 2136431 |
| Bug Blocks | 2134910 |

Doc Text:

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
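The Doc Text names the bug class in one sentence: an integer overflow in the CRL parser that turns attacker-supplied data into memory corruption. A CRL is DER-encoded, so the first thing such a parser does is read tag-length headers whose length octets come straight from the input. The C program below is an added illustration written for this page; it is not libksba's code, the page does not state which arithmetic overflowed in libksba, and every name in it (`read_tl`, `tlv_check_unsafe`, `tlv_check_safe`, `build_hostile_tlv`, the `check_*` helpers) and every sample byte string is made up. It shows the general form of the problem: the declared length is added to the header size for a bounds check, the sum wraps around, the check passes, and a later copy of `length` bytes runs off the buffer. The hardened variant beside it rejects the same header before any addition happens.

```c
/* Added example for this page, not libksba's code: a minimal DER tag-length
 * reader with its bounds check written the vulnerable way and the hardened
 * way. Function names and sample bytes are made up for the demonstration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    size_t nhdr;    /* header octets consumed: identifier + length octets */
    size_t length;  /* declared content length, attacker controlled */
} tlv_t;

enum { TLV_OK = 0, TLV_ERR_TRUNCATED, TLV_ERR_BAD_LENGTH, TLV_ERR_OVERFLOW };

/* Decode identifier and length octets (X.690 8.1.2 / 8.1.3): low-tag-number
 * identifiers and definite lengths of at most sizeof(size_t) octets only.
 * The declared length is not yet compared with the buffer. */
static int read_tl(const unsigned char *buf, size_t buflen, tlv_t *ti)
{
    size_t pos = 1;
    if (buflen < 2) return TLV_ERR_TRUNCATED;
    if ((buf[0] & 0x1f) == 0x1f) return TLV_ERR_BAD_LENGTH; /* high-tag-number form unsupported */
    if (!(buf[pos] & 0x80)) {
        ti->length = buf[pos++];           /* short form: one octet */
    } else {
        size_t n = buf[pos++] & 0x7f;      /* long form: n length octets follow */
        if (n == 0 || n > sizeof(size_t)) return TLV_ERR_BAD_LENGTH; /* indefinite, or wider than size_t */
        if (buflen - pos < n) return TLV_ERR_TRUNCATED;
        size_t len = 0;
        for (size_t i = 0; i < n; i++)
            len = (len << 8) | buf[pos++];
        ti->length = len;
    }
    ti->nhdr = pos;                        /* always <= buflen here */
    return TLV_OK;
}

/* Vulnerable pattern: nhdr + length is computed first. With length near
 * SIZE_MAX the sum wraps to a small value, the check passes, and whatever
 * copies `length` bytes next runs off the end of the buffer. */
int tlv_check_unsafe(const unsigned char *buf, size_t buflen, tlv_t *ti)
{
    int rc = read_tl(buf, buflen, ti);
    if (rc) return rc;
    size_t total = ti->nhdr + ti->length;  /* unsigned wrap-around */
    return total > buflen ? TLV_ERR_TRUNCATED : TLV_OK;
}

/* Hardened: reject a length that would wrap, then compare by subtraction
 * (read_tl guarantees nhdr <= buflen), so no addition can overflow. */
int tlv_check_safe(const unsigned char *buf, size_t buflen, tlv_t *ti)
{
    int rc = read_tl(buf, buflen, ti);
    if (rc) return rc;
    if (ti->length > SIZE_MAX - ti->nhdr) return TLV_ERR_OVERFLOW;
    return ti->length > buflen - ti->nhdr ? TLV_ERR_TRUNCATED : TLV_OK;
}

/* Constructed sample inputs, not taken from any real CRL. */
static const unsigned char good_tlv[]  = { 0x30, 0x03, 0x02, 0x01, 0x05 }; /* SEQUENCE { INTEGER 5 } */
static const unsigned char short_tlv[] = { 0x30, 0x10, 0x02 };             /* claims 16 bytes, has 1 */

/* SEQUENCE whose long-form length is sizeof(size_t) 0xff octets, i.e.
 * length == SIZE_MAX. Returns the number of bytes written (0 on error). */
size_t build_hostile_tlv(unsigned char *out, size_t outlen)
{
    size_t n = sizeof(size_t);
    if (outlen < 2 + n) return 0;
    out[0] = 0x30;
    out[1] = (unsigned char)(0x80 | n);
    memset(out + 2, 0xff, n);
    return 2 + n;
}

/* safe != 0 selects the hardened check; returns the TLV_* result code. */
static int run_check(const unsigned char *buf, size_t buflen, int safe)
{
    tlv_t ti;
    return safe ? tlv_check_safe(buf, buflen, &ti) : tlv_check_unsafe(buf, buflen, &ti);
}

int check_good(int safe)  { return run_check(good_tlv, sizeof good_tlv, safe); }
int check_short(int safe) { return run_check(short_tlv, sizeof short_tlv, safe); }
int check_hostile(int safe)
{
    unsigned char buf[2 + sizeof(size_t)];
    return run_check(buf, build_hostile_tlv(buf, sizeof buf), safe);
}

int main(void)
{
    printf("good    unsafe=%d safe=%d\n", check_good(0), check_good(1));       /* 0 0 */
    printf("short   unsafe=%d safe=%d\n", check_short(0), check_short(1));     /* 1 1 */
    printf("hostile unsafe=%d safe=%d\n", check_hostile(0), check_hostile(1)); /* 0 3: the bug */
    return 0;
}
```

The hostile header is accepted by `tlv_check_unsafe` because `10 + SIZE_MAX` wraps to 9, which is not greater than the 10-byte buffer; `tlv_check_safe` reports `TLV_ERR_OVERFLOW` instead. The honest-but-short header is rejected by both, which is the point of testing the fix against both inputs: a hardening change that only rejected the wrap case would still need the ordinary truncation check behind it.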
Description
TEJ RATHI
2022-10-18 05:39:59 UTC
Created libksba tracking bugs for this issue:

Affects: fedora-all [bug 2135617]

Upstream Commit: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=4b7d9cd4a018898d7714ce06f3faf2626c14582b

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2022:7088 https://access.redhat.com/errata/RHSA-2022:7088

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2022:7089 https://access.redhat.com/errata/RHSA-2022:7089

This issue has been addressed in the following products:

Red Hat Enterprise Linux 9

Via RHSA-2022:7090 https://access.redhat.com/errata/RHSA-2022:7090

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:7209 https://access.redhat.com/errata/RHSA-2022:7209

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.2 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2022:7283 https://access.redhat.com/errata/RHSA-2022:7283

FEDORA-2022-7c13845b0d has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:7927 https://access.redhat.com/errata/RHSA-2022:7927

This issue has been addressed in the following products:

Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2022:8598 https://access.redhat.com/errata/RHSA-2022:8598

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-3515