Vulnerabilities > CVE-2014-9087 - Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
mageia
debian
gnupg
canonical
CWE-191
nessus
NVD
Published: 2014-12-01
Updated: 2024-11-21

Summary

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.

Vulnerable Configurations

Part Description Count
OS
Mageia
2
OS
Debian
2
OS
Canonical
3
Application
Gnupg
46

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-151.NASL
    descriptionUpdated libksba packages fix security vulnerability : By using special crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow, which could lead to a denial of service (CVE-2014-9087).
    last seen2020-06-01
    modified2020-06-02
    plugin id82404
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82404
    titleMandriva Linux Security Advisory : libksba (MDVSA-2015:151)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-799.NASL
    descriptionThis libksba update fixes the following security issue : - bnc#907074: buffer overflow in OID processing (CVE-2014-9087)
    last seen2020-06-05
    modified2014-12-23
    plugin id80212
    published2014-12-23
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80212
    titleopenSUSE Security Update : libksba (openSUSE-SU-2014:1682-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-15847.NASL
    descriptionMinor update from upstream fixing moderate impact security issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-12-06
    plugin id79752
    published2014-12-06
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79752
    titleFedora 20 : libksba-1.3.2-1.fc20 (2014-15847)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-234.NASL
    descriptionUpdated libksba packages fix security vulnerability : By using special crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow, which could lead to a denial of service (CVE-2014-9087).
    last seen2020-06-01
    modified2020-06-02
    plugin id79630
    published2014-12-01
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79630
    titleMandriva Linux Security Advisory : libksba (MDVSA-2014:234)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3078.NASL
    descriptionAn integer underflow flaw, leading to a heap-based buffer overflow, was found in the ksba_oid_to_str() function of libksba, an X.509 and CMS (PKCS#7) library. By using special crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow, which could cause an application using libksba to crash (denial of service), or potentially, execute arbitrary code.
    last seen2020-03-17
    modified2014-11-28
    plugin id79600
    published2014-11-28
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79600
    titleDebian DSA-3078-1 : libksba - security update
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-141.NASL
    descriptionA vulnerability has been fixed in the libksba X.509 and CMS support library : CVE-2014-9087 Fix buffer overflow in ksba_oid_to_str reported by Hanno Böck. We recommend that you upgrade your libksba packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-03-26
    plugin id82124
    published2015-03-26
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82124
    titleDebian DLA-141-1 : libksba security update
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-15838.NASL
    descriptionMinor update from upstream fixing moderate impact security issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-12-07
    plugin id79786
    published2014-12-07
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79786
    titleFedora 19 : libksba-1.3.2-1.fc19 (2014-15838)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-15863.NASL
    descriptionMinor update from upstream fixing moderate impact security issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-12-07
    plugin id79788
    published2014-12-07
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79788
    titleFedora 21 : libksba-1.3.2-1.fc21 (2014-15863)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBKSBA-141211.NASL
    descriptionThis libksba update fixes the following security issue : - buffer overflow in ksba_oid_to_str (CVE-2014-9087). (bnc#907074)
    last seen2020-06-05
    modified2014-12-22
    plugin id80166
    published2014-12-22
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80166
    titleSuSE 11.3 Security Update : libksba (SAT Patch Number 10087)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2427-1.NASL
    descriptionHanno Bock discovered that Libksba incorrectly handled certain S/MIME messages or ECC based OpenPGP data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id79623
    published2014-11-28
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79623
    titleUbuntu 12.04 LTS / 14.04 LTS / 14.10 : libksba vulnerability (USN-2427-1)

References