CVE-2016-4574 in Libksbainfo

Summary

Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

05/10/2016

Disclosure

06/13/2016

Status

Confirmed

Entries

CVSS

7.5

EPSS

0.00956

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-4574
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-4574
CVE Details	https://www.cvedetails.com/cve/CVE-2016-4574/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!