CVE-2022-3515

Updated: 2023-11-28 12:03:18.557099

Description:

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.



Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | CRITICAL | 9.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | gnupg2 | 2.3.3 | 9.8 | CRITICAL | Not Vulnerable | | 2023-11-28 13:10:16 |
| AlmaLinux 9.2 ESU | libksba | 1.5.1 | 9.8 | CRITICAL | Already Fixed | | 2023-11-29 10:08:25 |
| CentOS 6 ELS | libksba | 1.0.7 | 9.8 | CRITICAL | Released | CLSA-2023:1701445092 | 2023-12-11 08:41:49 |
| CentOS 7 ELS | gnupg2 | 2.0.22 | 9.8 | CRITICAL | Not Vulnerable | | 2023-11-28 13:10:16 |
| CentOS 7 ELS | libksba | 1.3.0 | 9.8 | CRITICAL | Already Fixed | | 2023-11-29 10:08:24 |
| CentOS 8.4 ELS | gnupg2 | 2.2.20 | 9.8 | CRITICAL | Not Vulnerable | | 2023-11-28 13:10:16 |
| CentOS 8.4 ELS | libksba | 1.3.5 | 9.8 | CRITICAL | Released | CLSA-2023:1701445345 | 2023-12-01 13:09:20 |
| CentOS 8.5 ELS | gnupg2 | 2.2.20 | 9.8 | CRITICAL | Not Vulnerable | | 2023-11-28 13:10:15 |
| CentOS 8.5 ELS | libksba | 1.3.5 | 9.8 | CRITICAL | Released | CLSA-2023:1701445586 | 2023-12-01 13:09:19 |
| CloudLinux 6 ELS | libksba | 1.0.7 | 9.8 | CRITICAL | Released | CLSA-2023:1701446240 | 2023-12-11 08:41:48 |
Total: 16