Bug 2161571 (CVE-2022-47629) - CVE-2022-47629 libksba: integer overflow to code execution
Summary: CVE-2022-47629 libksba: integer overflow to code execution
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-47629
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2161574 2161575 2161576 2161577 2161578 2161579 2161580 2161581 2161582 2161583 2164760
Blocks: 2134910
Reported: 2023-01-17 10:31 UTC by Sandipan Roy
Modified: 2024-03-18 15:14 UTC

Fixed In Version:
Doc Text:
A vulnerability was found in the libksba library, caused by an integer overflow within the CRL signature parser. This issue can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
Clone Of:
Environment:
Last Closed: 2023-02-10 03:06:50 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:0635 0 None None None 2023-02-07 17:31:59 UTC
Red Hat Product Errata RHBA-2023:0640 0 None None None 2023-02-08 00:31:33 UTC
Red Hat Product Errata RHBA-2023:0641 0 None None None 2023-02-08 04:55:00 UTC
Red Hat Product Errata RHBA-2023:0642 0 None None None 2023-02-08 05:00:53 UTC
Red Hat Product Errata RHBA-2023:0643 0 None None None 2023-02-08 05:06:29 UTC
Red Hat Product Errata RHBA-2023:0644 0 None None None 2023-02-08 04:57:28 UTC
Red Hat Product Errata RHBA-2023:0645 0 None None None 2023-02-08 05:31:12 UTC
Red Hat Product Errata RHBA-2023:0646 0 None None None 2023-02-08 05:38:33 UTC
Red Hat Product Errata RHBA-2023:0647 0 None None None 2023-02-08 05:35:31 UTC
Red Hat Product Errata RHBA-2023:0648 0 None None None 2023-02-08 05:45:51 UTC
Red Hat Product Errata RHBA-2023:0649 0 None None None 2023-02-08 05:41:13 UTC
Red Hat Product Errata RHBA-2023:0654 0 None None None 2023-02-08 08:01:47 UTC
Red Hat Product Errata RHBA-2023:0655 0 None None None 2023-02-08 08:01:36 UTC
Red Hat Product Errata RHBA-2023:0656 0 None None None 2023-02-08 09:29:16 UTC
Red Hat Product Errata RHBA-2023:0657 0 None None None 2023-02-08 09:34:59 UTC
Red Hat Product Errata RHBA-2023:0659 0 None None None 2023-02-08 09:41:28 UTC
Red Hat Product Errata RHBA-2023:0660 0 None None None 2023-02-08 10:17:09 UTC
Red Hat Product Errata RHBA-2023:0666 0 None None None 2023-02-08 11:15:43 UTC
Red Hat Product Errata RHBA-2023:0670 0 None None None 2023-02-08 16:35:45 UTC
Red Hat Product Errata RHBA-2023:0672 0 None None None 2023-02-08 15:50:59 UTC
Red Hat Product Errata RHBA-2023:0674 0 None None None 2023-02-08 18:48:58 UTC
Red Hat Product Errata RHBA-2023:0676 0 None None None 2023-02-08 21:14:00 UTC
Red Hat Product Errata RHBA-2023:0677 0 None None None 2023-02-08 21:35:59 UTC
Red Hat Product Errata RHBA-2023:0696 0 None None None 2023-02-09 05:21:02 UTC
Red Hat Product Errata RHBA-2023:0702 0 None None None 2023-02-09 08:00:53 UTC
Red Hat Product Errata RHBA-2023:0705 0 None None None 2023-02-09 10:14:23 UTC
Red Hat Product Errata RHBA-2023:0706 0 None None None 2023-02-09 10:14:43 UTC
Red Hat Product Errata RHBA-2023:0707 0 None None None 2023-02-09 10:16:31 UTC
Red Hat Product Errata RHBA-2023:0710 0 None None None 2023-02-09 11:36:51 UTC
Red Hat Product Errata RHBA-2023:0711 0 None None None 2023-02-09 12:13:28 UTC
Red Hat Product Errata RHBA-2023:0715 0 None None None 2023-02-09 19:55:40 UTC
Red Hat Product Errata RHBA-2023:0716 0 None None None 2023-02-09 19:10:51 UTC
Red Hat Product Errata RHBA-2023:0718 0 None None None 2023-02-09 19:57:42 UTC
Red Hat Product Errata RHBA-2023:0732 0 None None None 2023-02-11 12:17:13 UTC
Red Hat Product Errata RHBA-2023:0733 0 None None None 2023-02-11 12:22:27 UTC
Red Hat Product Errata RHBA-2023:0739 0 None None None 2023-02-13 08:06:09 UTC
Red Hat Product Errata RHBA-2023:0740 0 None None None 2023-02-13 11:34:06 UTC
Red Hat Product Errata RHBA-2023:0741 0 None None None 2023-02-13 12:23:58 UTC
Red Hat Product Errata RHBA-2023:0743 0 None None None 2023-02-13 19:29:05 UTC
Red Hat Product Errata RHBA-2023:0744 0 None None None 2023-02-13 17:03:25 UTC
Red Hat Product Errata RHBA-2023:0745 0 None None None 2023-02-13 17:04:31 UTC
Red Hat Product Errata RHBA-2023:0747 0 None None None 2023-02-13 19:31:12 UTC
Red Hat Product Errata RHBA-2023:0751 0 None None None 2023-02-14 09:08:37 UTC
Red Hat Product Errata RHBA-2023:0753 0 None None None 2023-02-14 09:51:05 UTC
Red Hat Product Errata RHBA-2023:0754 0 None None None 2023-02-14 09:49:56 UTC
Red Hat Product Errata RHBA-2023:0755 0 None None None 2023-02-14 15:46:23 UTC
Red Hat Product Errata RHBA-2023:0757 0 None None None 2023-02-14 15:46:30 UTC
Red Hat Product Errata RHBA-2023:0761 0 None None None 2023-02-14 15:48:44 UTC
Red Hat Product Errata RHBA-2023:0766 0 None None None 2023-02-14 20:33:21 UTC
Red Hat Product Errata RHBA-2023:0791 0 None None None 2023-02-15 15:42:29 UTC
Red Hat Product Errata RHBA-2023:0799 0 None None None 2023-02-16 15:06:27 UTC
Red Hat Product Errata RHBA-2023:0800 0 None None None 2023-02-16 20:24:56 UTC
Red Hat Product Errata RHBA-2023:0801 0 None None None 2023-02-16 23:00:55 UTC
Red Hat Product Errata RHBA-2023:0816 0 None None None 2023-02-20 12:32:59 UTC
Red Hat Product Errata RHBA-2023:0825 0 None None None 2023-02-20 13:45:31 UTC
Red Hat Product Errata RHBA-2023:0826 0 None None None 2023-02-20 14:05:07 UTC
Red Hat Product Errata RHBA-2023:0860 0 None None None 2023-02-21 12:24:18 UTC
Red Hat Product Errata RHBA-2023:0912 0 None None None 2023-02-22 19:21:03 UTC
Red Hat Product Errata RHBA-2023:0929 0 None None None 2023-02-27 15:37:54 UTC
Red Hat Product Errata RHBA-2023:1009 0 None None None 2023-02-28 15:14:12 UTC
Red Hat Product Errata RHBA-2023:1010 0 None None None 2023-02-28 15:15:54 UTC
Red Hat Product Errata RHBA-2023:1063 0 None None None 2023-03-02 19:41:46 UTC
Red Hat Product Errata RHBA-2023:1069 0 None None None 2023-03-06 15:35:05 UTC
Red Hat Product Errata RHBA-2023:1073 0 None None None 2023-03-06 15:31:10 UTC
Red Hat Product Errata RHBA-2023:1143 0 None None None 2023-03-07 14:41:44 UTC
Red Hat Product Errata RHBA-2023:1195 0 None None None 2023-03-14 11:16:40 UTC
Red Hat Product Errata RHBA-8023:0945 0 None None None 2023-02-21 01:04:45 UTC
Red Hat Product Errata RHBA-8023:0946 0 None None None 2023-02-21 01:09:29 UTC
Red Hat Product Errata RHSA-2023:0530 0 None None None 2023-01-30 15:21:14 UTC
Red Hat Product Errata RHSA-2023:0592 0 None None None 2023-02-06 16:34:41 UTC
Red Hat Product Errata RHSA-2023:0593 0 None None None 2023-02-06 16:34:10 UTC
Red Hat Product Errata RHSA-2023:0594 0 None None None 2023-02-06 16:39:48 UTC
Red Hat Product Errata RHSA-2023:0624 0 None None None 2023-02-07 15:39:10 UTC
Red Hat Product Errata RHSA-2023:0625 0 None None None 2023-02-07 15:39:01 UTC
Red Hat Product Errata RHSA-2023:0626 0 None None None 2023-02-07 15:39:27 UTC
Red Hat Product Errata RHSA-2023:0629 0 None None None 2023-02-07 15:47:35 UTC
Red Hat Product Errata RHSA-2023:0756 0 None None None 2023-02-14 11:49:14 UTC
Red Hat Product Errata RHSA-2023:0814 0 None None None 2023-02-20 12:41:09 UTC
Red Hat Product Errata RHSA-2023:0859 0 None None None 2023-02-21 10:40:41 UTC

Comment 13 errata-xmlrpc 2023-01-30 15:21:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0530 https://access.redhat.com/errata/RHSA-2023:0530

Comment 16 errata-xmlrpc 2023-02-06 16:34:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0593 https://access.redhat.com/errata/RHSA-2023:0593

Comment 17 errata-xmlrpc 2023-02-06 16:34:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0592 https://access.redhat.com/errata/RHSA-2023:0592

Comment 18 errata-xmlrpc 2023-02-06 16:39:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0594 https://access.redhat.com/errata/RHSA-2023:0594

Comment 19 errata-xmlrpc 2023-02-07 15:38:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0625 https://access.redhat.com/errata/RHSA-2023:0625

Comment 20 errata-xmlrpc 2023-02-07 15:39:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0624 https://access.redhat.com/errata/RHSA-2023:0624

Comment 21 errata-xmlrpc 2023-02-07 15:39:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0626 https://access.redhat.com/errata/RHSA-2023:0626

Comment 22 errata-xmlrpc 2023-02-07 15:47:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0629 https://access.redhat.com/errata/RHSA-2023:0629

Comment 23 Product Security DevOps Team 2023-02-10 03:06:47 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-47629

Comment 24 errata-xmlrpc 2023-02-14 11:49:09 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2023:0756 https://access.redhat.com/errata/RHSA-2023:0756

Comment 26 errata-xmlrpc 2023-02-20 12:41:06 UTC
This issue has been addressed in the following products:

  Cryostat 2 on RHEL 8

Via RHSA-2023:0814 https://access.redhat.com/errata/RHSA-2023:0814

Comment 27 errata-xmlrpc 2023-02-21 10:40:38 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2023:0859 https://access.redhat.com/errata/RHSA-2023:0859

