ID CVE-2014-9087
Summary Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*
    cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:libksba:*:*:*:*:*:*:*:*
    cpe:2.3:a:gnupg:libksba:*:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.1.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:2.1.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:gnupg:gnupg:2.1.0:-:*:*:*:*:*:*
    cpe:2.3:a:gnupg:gnupg:2.1.0:-:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-05-2023 - 18:08)
Impact:
Exploitability:
CWE CWE-191
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 71285
confirm http://advisories.mageia.org/MGASA-2014-0498.html
debian DSA-3078
mandriva
  • MDVSA-2014:234
  • MDVSA-2015:151
misc https://blog.fuzzing-project.org/2-Buffer-overflow-and-other-minor-issues-in-GnuPG-and-libksba-TFPA-0012014.html
mlist [gnupg-announce] 20141125 [Announce] [security fix] Libksba 1.3.2 for GnuPG released
secunia
  • 60073
  • 60189
  • 60233
ubuntu USN-2427-1
Last major update 18-05-2023 - 18:08
Published 01-12-2014 - 15:59
Last modified 18-05-2023 - 18:08
Back to Top