CVE-2022-47629

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
gnupglibksba
𝑥
< 1.6.3
debiandebian_linux
10.0
debiandebian_linux
11.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libksba
bullseye (security)
1.5.0-3+deb11u2
fixed
bullseye
1.5.0-3+deb11u2
fixed
bookworm
1.6.3-2
fixed
sid
1.6.7-2
fixed
trixie
1.6.7-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libksba
lunar
Fixed 1.6.3-2
released
kinetic
Fixed 1.6.0-3ubuntu1.1
released
jammy
Fixed 1.6.0-2ubuntu0.2
released
focal
Fixed 1.3.5-2ubuntu0.20.04.2
released
bionic
Fixed 1.3.5-2ubuntu0.18.04.2
released
xenial
Fixed 1.3.3-1ubuntu0.16.04.1+esm2
released
trusty
Fixed 1.3.0-3ubuntu0.14.04.2+esm2
released
Common Weakness Enumeration
References
https://dev.gnupg.org/T6284
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070
https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html
https://security.gentoo.org/glsa/202212-07
https://security.netapp.com/advisory/ntap-20230316-0011/
https://www.debian.org/security/2022/dsa-5305
https://dev.gnupg.org/T6284
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070
https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html
https://security.gentoo.org/glsa/202212-07
https://security.netapp.com/advisory/ntap-20230316-0011/
https://www.debian.org/security/2022/dsa-5305