Vulnerabilities > Gnupg > Libksba

DATE CVE VULNERABILITY TITLE RISK
2023-01-12 CVE-2022-3515 A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser.
network
low complexity
gnupg gpg4win
critical
9.8
2022-12-20 CVE-2022-47629 Integer Overflow or Wraparound vulnerability in multiple products
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
network
low complexity
gnupg debian CWE-190
critical
9.8
2016-06-13 CVE-2016-4579 Improper Input Validation vulnerability in multiple products
Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."
network
low complexity
gnupg opensuse canonical CWE-20
7.5
2016-06-13 CVE-2016-4574 Numeric Errors vulnerability in multiple products
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data.
network
low complexity
gnupg canonical opensuse CWE-189
7.5
2016-06-13 CVE-2016-4356 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data.
network
low complexity
gnupg canonical CWE-119
7.5
2016-06-13 CVE-2016-4355 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.
network
low complexity
gnupg canonical CWE-119
7.5
2016-06-13 CVE-2016-4354 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.
network
low complexity
canonical gnupg CWE-119
7.5
2016-06-13 CVE-2016-4353 Improper Input Validation vulnerability in multiple products
ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data.
network
low complexity
gnupg canonical CWE-20
7.5