CVE-2016-5080 - Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C+

CVE-2016-5080

Summary

Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data. <a href="http://cwe.mitre.org/data/definitions/190.html">CWE-190: Integer Overflow or Wraparound</a>

References

Vulnerable Configurations

cpe:2.3:a:objective_systems:asn1c:*:*:*:*:*:*:*:*
cpe:2.3:a:objective_systems:asn1c:*:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 17-10-2018 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	91836
bugtraq	20160719 CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603]
cert-vn	VU#790839
cisco	20160721 Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products
confirm	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://source.android.com/security/bulletin/2017-01-01.html
fulldisc	20160725 CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603]
misc	http://packetstormsecurity.com/files/137970/Objective-Systems-Inc.-ASN1C-For-C-C-Heap-Memory-Corruption.html https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080 https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/NCSC-2016-0650+1.00+Kwetsbaarheid+verholpen+in+ASN1C.html
sectrack	1036386

Last major update

17-10-2018 - 01:29

Published

19-07-2016 - 22:59

Last modified

17-10-2018 - 01:29