CVE-2022-3515

Name
CVE-2022-3515
Description
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
NVD Severity
high

References

| Type | URI |
|------|-----|
| MISC | https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b |
| MISC | https://access.redhat.com/security/cve/CVE-2022-3515 |
| MISC | https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html |
| MISC | https://bugzilla.redhat.com/show_bug.cgi?id=2135610 |
| CONFIRM | https://security.netapp.com/advisory/ntap-20230706-0008/ |

Match rules

| CPE URI | Source package | Min version | Max version |
|---------|----------------|-------------|-------------|
| cpe:2.3:a:libksba_project:libksba:*:*:*:*:*:*:*:* | libksba | >= None | < 1.6.3 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|----------------|--------|---------|------------|--------|
| libksba | 3.14-main | 1.5.1-r1 | Natanael Copa <ncopa@alpinelinux.org> | fixed |