First published: Mon Oct 17 2022
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/libksba | <0:1.3.0-7.el7_9 | 0:1.3.0-7.el7_9 |
redhat/libksba | <0:1.3.5-9.el8_7 | 0:1.3.5-9.el8_7 |
redhat/libksba | <0:1.3.5-9.el8_1 | 0:1.3.5-9.el8_1 |
redhat/libksba | <0:1.3.5-9.el8_2 | 0:1.3.5-9.el8_2 |
redhat/libksba | <0:1.3.5-9.el8_4 | 0:1.3.5-9.el8_4 |
redhat/libksba | <0:1.3.5-9.el8_6 | 0:1.3.5-9.el8_6 |
redhat/libksba | <0:1.5.1-6.el9_1 | 0:1.5.1-6.el9_1 |
redhat/libksba | <0:1.5.1-6.el9_0 | 0:1.5.1-6.el9_0 |
Gnupg Libksba | <1.6.3 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
debian/libksba | <=1.3.5-2 | 1.3.5-2+deb10u2 1.5.0-3+deb11u2 1.6.3-2 1.6.5-2 |
CVE-2022-47629 is an integer overflow vulnerability in the CRL signature parser of the Libksba library.
CVE-2022-47629 has a severity rating of 9.8 (Critical).
CVE-2022-47629 allows remote attackers to execute code on the target system by passing specially crafted data to the Libksba library.
The affected software versions include Libksba 1.3.5-2+deb10u2, 1.5.0-3+deb11u2, 1.6.3-2, and 1.6.4-2.
To fix CVE-2022-47629, it is recommended to update the Libksba library to version 1.6.3 or higher.