CRITICAL✓ PATCH🇬🇧 English

CVE-2022-3515

CVSS 9.8v3.1pub. 2023-01-12upd. 2025-04-08

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Gnupg

    APP
    Gnupg
    2.1.0 – 2.2.41 (bez)2.3.0 – 2.4.0 (bez)
  • Gnupg Libksba

    APP
    Gnupg
    < 1.6.3
  • Gnupg Vs Desktop

    APP
    Gnupg
    3.1.16 – 3.1.26 (bez)
  • Gpg4win

    APP
    Gpg4Win
    2.0.0 – 4.1.0 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2022-47629CRITICAL9.8ten sam produkt

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.

CVE-2026-24882HIGH8.4ten sam produkt

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT co...

CVE-2026-24881HIGH8.1ten sam produkt

In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key...

CVE-2025-68973HIGH7.8ten sam produkt

In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intend...

CVE-2020-25125HIGH7.8ten sam produkt

GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified...