Oracle Linux 9 : libksba (ELSA-2023-0626)

critical Nessus Plugin ID 171115


The remote Oracle Linux host is missing a security update.


The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-0626 advisory.

- Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Update the affected libksba and/or libksba-devel packages.

Plugin Details

Severity: Critical

ID: 171115

File Name: oraclelinux_ELSA-2023-0626.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2/8/2023

Updated: 2/10/2023

Supported Sensors: Frictionless Assessment Agent, Nessus Agent

Risk Information


Risk Factor: High

Score: 8.4


CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2022-47629


CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:libksba, p-cpe:/a:oracle:linux:libksba-devel

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 2/8/2023

Vulnerability Publication Date: 12/20/2022

Reference Information

CVE: CVE-2022-47629

IAVA: 2023-A-0072