CVE-2014-9087

high

Description

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.

References

http://advisories.mageia.org/MGASA-2014-0498.html

http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html

http://secunia.com/advisories/60073

http://secunia.com/advisories/60189

http://secunia.com/advisories/60233

http://www.debian.org/security/2014/dsa-3078

http://www.mandriva.com/security/advisories?name=MDVSA-2014:234

http://www.mandriva.com/security/advisories?name=MDVSA-2015:151

http://www.securityfocus.com/bid/71285

http://www.ubuntu.com/usn/USN-2427-1

https://blog.fuzzing-project.org/2-Buffer-overflow-and-other-minor-issues-in-GnuPG-and-libksba-TFPA-0012014.html

Details

Source: MITRE

Published: 2014-12-01

Updated: 2020-07-14

Type: CWE-191

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 82404 | Mandriva Linux Security Advisory : libksba (MDVSA-2015:151) | Nessus | Mandriva Local Security Checks | medium |
| 82124 | Debian DLA-141-1 : libksba security update | Nessus | Debian Local Security Checks | medium |
| 80212 | openSUSE Security Update : libksba (openSUSE-SU-2014:1682-1) | Nessus | SuSE Local Security Checks | medium |
| 80166 | SuSE 11.3 Security Update : libksba (SAT Patch Number 10087) | Nessus | SuSE Local Security Checks | medium |
| 79788 | Fedora 21 : libksba-1.3.2-1.fc21 (2014-15863) | Nessus | Fedora Local Security Checks | medium |
| 79786 | Fedora 19 : libksba-1.3.2-1.fc19 (2014-15838) | Nessus | Fedora Local Security Checks | medium |
| 79752 | Fedora 20 : libksba-1.3.2-1.fc20 (2014-15847) | Nessus | Fedora Local Security Checks | medium |
| 79630 | Mandriva Linux Security Advisory : libksba (MDVSA-2014:234) | Nessus | Mandriva Local Security Checks | medium |
| 79623 | Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : libksba vulnerability (USN-2427-1) | Nessus | Ubuntu Local Security Checks | high |
| 79600 | Debian DSA-3078-1 : libksba - security update | Nessus | Debian Local Security Checks | medium |