CVE-2014-9087

Published: 01/12/2014 Updated: 18/05/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer underflow in the ksba_oid_to_str function in Libksba prior to 1.3.2, as used in GnuPG, allows remote malicious users to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.

Vulnerable Product

mageia mageia 3.0

mageia mageia 4.0

debian debian linux 8.0

debian debian linux 7.0

gnupg libksba

canonical ubuntu linux 14.10

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

gnupg gnupg 2.1.0

Vendor Advisories

Debian Bug report logs - #770972 libksba: CVE-2014-9087: buffer overflow in ksba_oid_to_str. Package: src:libksba; Maintainer for src:libksba is Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 25 Nov 2014 15:18:13 UTC; Severity: grav ...
Libksba could be made to crash or run programs if it opened a specially crafted file ...
An integer underflow flaw, leading to a heap-based buffer overflow, was found in the ksba_oid_to_str() function of libksba, an X.509 and CMS (PKCS#7) library. By using specially crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow, which could cause an application using libksba to crash (denial of service), or ...