Bug 2161571 (CVE-2022-47629) - CVE-2022-47629 libksba: integer overflow to code execution
Summary: CVE-2022-47629 libksba: integer overflow to code execution
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-47629
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2161574 2161575 2161576 2161577 2161578 2161579 2161580 2161581 2161582 2161583 2164760
Blocks: 2134910
TreeView+ depends on / blocked
 
Reported: 2023-01-17 10:31 UTC by Sandipan Roy
Modified: 2024-03-18 15:14 UTC (History)
53 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2023-02-10 03:06:50 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:0635 0 None None None 2023-02-07 17:31:59 UTC
Red Hat Product Errata RHBA-2023:0640 0 None None None 2023-02-08 00:31:33 UTC
Red Hat Product Errata RHBA-2023:0641 0 None None None 2023-02-08 04:55:00 UTC
Red Hat Product Errata RHBA-2023:0642 0 None None None 2023-02-08 05:00:53 UTC
Red Hat Product Errata RHBA-2023:0643 0 None None None 2023-02-08 05:06:29 UTC
Red Hat Product Errata RHBA-2023:0644 0 None None None 2023-02-08 04:57:28 UTC
Red Hat Product Errata RHBA-2023:0645 0 None None None 2023-02-08 05:31:12 UTC
Red Hat Product Errata RHBA-2023:0646 0 None None None 2023-02-08 05:38:33 UTC
Red Hat Product Errata RHBA-2023:0647 0 None None None 2023-02-08 05:35:31 UTC
Red Hat Product Errata RHBA-2023:0648 0 None None None 2023-02-08 05:45:51 UTC
Red Hat Product Errata RHBA-2023:0649 0 None None None 2023-02-08 05:41:13 UTC
Red Hat Product Errata RHBA-2023:0654 0 None None None 2023-02-08 08:01:47 UTC
Red Hat Product Errata RHBA-2023:0655 0 None None None 2023-02-08 08:01:36 UTC
Red Hat Product Errata RHBA-2023:0656 0 None None None 2023-02-08 09:29:16 UTC
Red Hat Product Errata RHBA-2023:0657 0 None None None 2023-02-08 09:34:59 UTC
Red Hat Product Errata RHBA-2023:0659 0 None None None 2023-02-08 09:41:28 UTC
Red Hat Product Errata RHBA-2023:0660 0 None None None 2023-02-08 10:17:09 UTC
Red Hat Product Errata RHBA-2023:0666 0 None None None 2023-02-08 11:15:43 UTC
Red Hat Product Errata RHBA-2023:0670 0 None None None 2023-02-08 16:35:45 UTC
Red Hat Product Errata RHBA-2023:0672 0 None None None 2023-02-08 15:50:59 UTC
Red Hat Product Errata RHBA-2023:0674 0 None None None 2023-02-08 18:48:58 UTC
Red Hat Product Errata RHBA-2023:0676 0 None None None 2023-02-08 21:14:00 UTC
Red Hat Product Errata RHBA-2023:0677 0 None None None 2023-02-08 21:35:59 UTC
Red Hat Product Errata RHBA-2023:0696 0 None None None 2023-02-09 05:21:02 UTC
Red Hat Product Errata RHBA-2023:0702 0 None None None 2023-02-09 08:00:53 UTC
Red Hat Product Errata RHBA-2023:0705 0 None None None 2023-02-09 10:14:23 UTC
Red Hat Product Errata RHBA-2023:0706 0 None None None 2023-02-09 10:14:43 UTC
Red Hat Product Errata RHBA-2023:0707 0 None None None 2023-02-09 10:16:31 UTC
Red Hat Product Errata RHBA-2023:0710 0 None None None 2023-02-09 11:36:51 UTC
Red Hat Product Errata RHBA-2023:0711 0 None None None 2023-02-09 12:13:28 UTC
Red Hat Product Errata RHBA-2023:0715 0 None None None 2023-02-09 19:55:40 UTC
Red Hat Product Errata RHBA-2023:0716 0 None None None 2023-02-09 19:10:51 UTC
Red Hat Product Errata RHBA-2023:0718 0 None None None 2023-02-09 19:57:42 UTC
Red Hat Product Errata RHBA-2023:0732 0 None None None 2023-02-11 12:17:13 UTC
Red Hat Product Errata RHBA-2023:0733 0 None None None 2023-02-11 12:22:27 UTC
Red Hat Product Errata RHBA-2023:0739 0 None None None 2023-02-13 08:06:09 UTC
Red Hat Product Errata RHBA-2023:0740 0 None None None 2023-02-13 11:34:06 UTC
Red Hat Product Errata RHBA-2023:0741 0 None None None 2023-02-13 12:23:58 UTC
Red Hat Product Errata RHBA-2023:0743 0 None None None 2023-02-13 19:29:05 UTC
Red Hat Product Errata RHBA-2023:0744 0 None None None 2023-02-13 17:03:25 UTC
Red Hat Product Errata RHBA-2023:0745 0 None None None 2023-02-13 17:04:31 UTC
Red Hat Product Errata RHBA-2023:0747 0 None None None 2023-02-13 19:31:12 UTC
Red Hat Product Errata RHBA-2023:0751 0 None None None 2023-02-14 09:08:37 UTC
Red Hat Product Errata RHBA-2023:0753 0 None None None 2023-02-14 09:51:05 UTC
Red Hat Product Errata RHBA-2023:0754 0 None None None 2023-02-14 09:49:56 UTC
Red Hat Product Errata RHBA-2023:0755 0 None None None 2023-02-14 15:46:23 UTC
Red Hat Product Errata RHBA-2023:0757 0 None None None 2023-02-14 15:46:30 UTC
Red Hat Product Errata RHBA-2023:0761 0 None None None 2023-02-14 15:48:44 UTC
Red Hat Product Errata RHBA-2023:0766 0 None None None 2023-02-14 20:33:21 UTC
Red Hat Product Errata RHBA-2023:0791 0 None None None 2023-02-15 15:42:29 UTC
Red Hat Product Errata RHBA-2023:0799 0 None None None 2023-02-16 15:06:27 UTC
Red Hat Product Errata RHBA-2023:0800 0 None None None 2023-02-16 20:24:56 UTC
Red Hat Product Errata RHBA-2023:0801 0 None None None 2023-02-16 23:00:55 UTC
Red Hat Product Errata RHBA-2023:0816 0 None None None 2023-02-20 12:32:59 UTC
Red Hat Product Errata RHBA-2023:0825 0 None None None 2023-02-20 13:45:31 UTC
Red Hat Product Errata RHBA-2023:0826 0 None None None 2023-02-20 14:05:07 UTC
Red Hat Product Errata RHBA-2023:0860 0 None None None 2023-02-21 12:24:18 UTC
Red Hat Product Errata RHBA-2023:0912 0 None None None 2023-02-22 19:21:03 UTC
Red Hat Product Errata RHBA-2023:0929 0 None None None 2023-02-27 15:37:54 UTC
Red Hat Product Errata RHBA-2023:1009 0 None None None 2023-02-28 15:14:12 UTC
Red Hat Product Errata RHBA-2023:1010 0 None None None 2023-02-28 15:15:54 UTC
Red Hat Product Errata RHBA-2023:1063 0 None None None 2023-03-02 19:41:46 UTC
Red Hat Product Errata RHBA-2023:1069 0 None None None 2023-03-06 15:35:05 UTC
Red Hat Product Errata RHBA-2023:1073 0 None None None 2023-03-06 15:31:10 UTC
Red Hat Product Errata RHBA-2023:1143 0 None None None 2023-03-07 14:41:44 UTC
Red Hat Product Errata RHBA-2023:1195 0 None None None 2023-03-14 11:16:40 UTC
Red Hat Product Errata RHBA-8023:0945 0 None None None 2023-02-21 01:04:45 UTC
Red Hat Product Errata RHBA-8023:0946 0 None None None 2023-02-21 01:09:29 UTC
Red Hat Product Errata RHSA-2023:0530 0 None None None 2023-01-30 15:21:14 UTC
Red Hat Product Errata RHSA-2023:0592 0 None None None 2023-02-06 16:34:41 UTC
Red Hat Product Errata RHSA-2023:0593 0 None None None 2023-02-06 16:34:10 UTC
Red Hat Product Errata RHSA-2023:0594 0 None None None 2023-02-06 16:39:48 UTC
Red Hat Product Errata RHSA-2023:0624 0 None None None 2023-02-07 15:39:10 UTC
Red Hat Product Errata RHSA-2023:0625 0 None None None 2023-02-07 15:39:01 UTC
Red Hat Product Errata RHSA-2023:0626 0 None None None 2023-02-07 15:39:27 UTC
Red Hat Product Errata RHSA-2023:0629 0 None None None 2023-02-07 15:47:35 UTC
Red Hat Product Errata RHSA-2023:0756 0 None None None 2023-02-14 11:49:14 UTC
Red Hat Product Errata RHSA-2023:0814 0 None None None 2023-02-20 12:41:09 UTC
Red Hat Product Errata RHSA-2023:0859 0 None None None 2023-02-21 10:40:41 UTC

Description Sandipan Roy 2023-01-17 10:31:50 UTC 
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.

https://dev.gnupg.org/T6284
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070
https://www.debian.org/security/2022/dsa-5305
https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html
https://security.gentoo.org/glsa/202212-07
Comment 13 errata-xmlrpc 2023-01-30 15:21:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0530 https://access.redhat.com/errata/RHSA-2023:0530
Comment 16 errata-xmlrpc 2023-02-06 16:34:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0593 https://access.redhat.com/errata/RHSA-2023:0593
Comment 17 errata-xmlrpc 2023-02-06 16:34:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0592 https://access.redhat.com/errata/RHSA-2023:0592
Comment 18 errata-xmlrpc 2023-02-06 16:39:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0594 https://access.redhat.com/errata/RHSA-2023:0594
Comment 19 errata-xmlrpc 2023-02-07 15:38:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0625 https://access.redhat.com/errata/RHSA-2023:0625
Comment 20 errata-xmlrpc 2023-02-07 15:39:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0624 https://access.redhat.com/errata/RHSA-2023:0624
Comment 21 errata-xmlrpc 2023-02-07 15:39:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0626 https://access.redhat.com/errata/RHSA-2023:0626
Comment 22 errata-xmlrpc 2023-02-07 15:47:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0629 https://access.redhat.com/errata/RHSA-2023:0629
Comment 23 Product Security DevOps Team 2023-02-10 03:06:47 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-47629
Comment 24 errata-xmlrpc 2023-02-14 11:49:09 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2023:0756 https://access.redhat.com/errata/RHSA-2023:0756
Comment 26 errata-xmlrpc 2023-02-20 12:41:06 UTC 
This issue has been addressed in the following products:

  Cryostat 2 on RHEL 8

Via RHSA-2023:0814 https://access.redhat.com/errata/RHSA-2023:0814
Comment 27 errata-xmlrpc 2023-02-21 10:40:38 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2023:0859 https://access.redhat.com/errata/RHSA-2023:0859
Note You need to log in before you can comment on or make changes to this bug.