Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 10 May 2016 20:08:05 +0200
From: Andreas Stieger <>
Subject: CVE request: libksba out-of-bouds read remote DOS issue fixed in

libksba 1.3.4 was released with the following in NEWS:

> * Fixed two OOB read access bugs which could be used to force a DoS.

The first is;a=commit;h=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64

> Fix possible read access beyond the buffer. > > * src/ber-help.c (_ksba_ber_parse_tl): Add extra sanity check. > *
src/cert.c (ksba_cert_get_cert_policies): Check TLV given length >
against buffer length. > (ksba_cert_get_ext_key_usages): Ditto. > *
src/ocsp.c (parse_asntime_into_isotime): Ditto. > -- > > The returned
length of the object from _ksba_ber_parse_tl (ti.length) > was not
always checked against the actual buffer length, thus leading > to a
read access after the end of the buffer and thus a segv. > >
GnuPG-bug-id: 2344 > Reported-by: Pascal Cuoq > Signed-off-by: Werner
Koch < <>>

The second (6be61daac047d8e6aa941eb103f8e71a1d4e3c75
<;a=commit;h=6be61daac047d8e6aa941eb103f8e71a1d4e3c75>) was already assigned CVE-2016-4574 (incomplete fix for CVE-2016-4356) elsethread.

Could a CVE be assigned to this issue?


Andreas Stieger <>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imend├Ârffer, Jane Smithard, Graham Norton,
HRB 21284 (AG N├╝rnberg)

Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ