CVE-2022-47629

Name: CVE-2022-47629
Description: Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
NVD Severity: high

References

Type URI
MISC https://dev.gnupg.org/T6284
MISC https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070
DEBIAN https://www.debian.org/security/2022/dsa-5305
MLIST https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html
GENTOO https://security.gentoo.org/glsa/202212-07
CONFIRM https://security.netapp.com/advisory/ntap-20230316-0011/
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070

Match rules

CPE URI | Source package | Min version | Max version
cpe:2.3:a:gnupg:libksba:*:*:*:*:*:*:*:* | libksba | >= None | < 1.6.3

Vulnerable and fixed packages

Source package | Branch | Version | Maintainer | Status
libksba | 3.14-main | 1.5.1-r1 | Natanael Copa <ncopa@alpinelinux.org> | fixed