A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2022-3515 | Patch Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2135610 | Exploit Issue Tracking Third Party Advisory |
https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b | Exploit Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20230706-0008/ | |
https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html | Third Party Advisory |
Configurations
History
06 Jul 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
CWE | ||
References |
|
18 May 2023, 18:08
Type | Values Removed | Values Added |
---|---|---|
First Time |
Gnupg libksba
|
|
CPE | cpe:2.3:a:gnupg:libksba:*:*:*:*:*:*:*:* |
20 Jan 2023, 20:08
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2135610 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b - Exploit, Patch, Third Party Advisory | |
References | (MISC) https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html - Third Party Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2022-3515 - Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:gnupg:vs-desktop:*:*:*:*:*:*:*:* cpe:2.3:a:libksba_project:libksba:*:*:*:*:*:*:*:* cpe:2.3:a:gnupg:gnupg:*:*:*:*:lts:*:*:* cpe:2.3:a:gnupg:gnupg:*:*:*:*:-:*:*:* cpe:2.3:a:gpg4win:gpg4win:*:*:*:*:*:*:*:* |
|
First Time |
Libksba Project libksba
Gnupg gnupg Gnupg vs-desktop Gpg4win gpg4win Gpg4win Libksba Project Gnupg |
12 Jan 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-12 15:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-3515
Mitre link : CVE-2022-3515
CVE.ORG link : CVE-2022-3515
JSON object : View
Products Affected
gpg4win
- gpg4win
gnupg
- vs-desktop
- gnupg
- libksba
CWE
CWE-190
Integer Overflow or Wraparound