CVE-2022-3515

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.

References

Affected packages

Git / git.gnupg.org/gpg4win.git

Affected ranges

Type

GIT

Repo

git://git.gnupg.org/gpg4win.git

Events

Introduced

a6998b198f8af3141887feb4e1493eea734cfe22

Fixed

e9684ee75cb7481f5130d18f150013094a382e0a

Introduced

e62daa2720b88d4a30a3c2722e9a0ccd32ca7b8d

Fixed

e85f89164264946034b5f26d3153c117c8dc99cc

Database specific

{
    "versions": [
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "4.1.0"
        },
        {
            "introduced": "3.1.16"
        },
        {
            "fixed": "3.1.26"
        }
    ]
}

Type

GIT

Repo

https://github.com/gpg/libksba

Events

Introduced

Fixed

bffa9b346071725363a483db547e7dced9721cb5

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.6.3"
        }
    ]
}

Affected versions

Other

debian/V0-0-0

debian/V0-2-0

debian/V0-2-1

debian/V0-2-2

debian/V0-2-3

debian/V0-4-0

debian/V0-4-1

debian/V0-4-2

debian/V0-4-3

debian/V0-4-4

debian/V0-4-5

debian/libksba-0-4-6

debian/libksba-0-4-7

debian/libksba-0-9-0

debian/libksba-0-9-1

debian/libksba-0-9-10

debian/libksba-0-9-11

debian/libksba-0-9-12

debian/libksba-0-9-2

debian/libksba-0-9-3

debian/libksba-0-9-4

debian/libksba-0-9-5

debian/libksba-0-9-6

debian/libksba-0-9-7

debian/libksba-0-9-8

debian/libksba-0-9-9

debian/libksba-0.*

debian/libksba-0.9.13

debian/libksba-0.9.14

debian/libksba-0.9.15

debian/libksba-0.9.16

debian/libksba-1.*

debian/libksba-1.0.1

debian/libksba-1.0.2

debian/libksba-1.0.3

debian/libksba-1.0.4

debian/libksba-1.0.5

debian/libksba-1.0.6

debian/libksba-1.0.7

debian/libksba-1.0.8

debian/libksba-1.1.0

gpg4win-2.*

gpg4win-2.0.0

gpg4win-2.0.1

gpg4win-2.0.2rc2

gpg4win-2.1.0

gpg4win-2.1.0-beta1

gpg4win-2.1.0-rc1

gpg4win-2.1.0-rc2

gpg4win-2.1.1

gpg4win-2.1.1-34299-beta

gpg4win-2.2.0

gpg4win-2.2.1

gpg4win-2.2.2

gpg4win-2.2.3

gpg4win-2.2.4

gpg4win-2.2.5

gpg4win-2.2.6

gpg4win-2.3.0

gpg4win-2.3.1

gpg4win-3.*

gpg4win-3.0.0

gpg4win-3.0.1

gpg4win-3.0.2

gpg4win-3.0.3

gpg4win-3.1.0

gpg4win-3.1.1

gpg4win-3.1.10

gpg4win-3.1.11

gpg4win-3.1.12

gpg4win-3.1.13

gpg4win-3.1.14

gpg4win-3.1.15

gpg4win-3.1.16

gpg4win-3.1.17

gpg4win-3.1.18

gpg4win-3.1.19

gpg4win-3.1.2

gpg4win-3.1.20

gpg4win-3.1.21

gpg4win-3.1.22

gpg4win-3.1.23

gpg4win-3.1.24

gpg4win-3.1.25

gpg4win-3.1.3

gpg4win-3.1.4

gpg4win-3.1.5

gpg4win-3.1.6

gpg4win-3.1.7

gpg4win-3.1.8

gpg4win-3.1.9

gpg4win-4.*

gpg4win-4.0-base

gpg4win-4.0.0

gpg4win-4.0.1

gpg4win-4.0.2

gpg4win-4.0.3

gpg4win-4.0.4

gpg4win-compendium-de-3.*

gpg4win-compendium-de-3.0.0

gpg4win-compendium-de-3.0.0-beta3

gpg4win-compendium-de-3.0.0-beta4

gpg4win-compendium-en-3.*

gpg4win-compendium-en-3.0.0

libksba-1.*

libksba-1.2.0

libksba-1.3.0

libksba-1.3.1

libksba-1.3.2

libksba-1.3.3

libksba-1.3.4

libksba-1.3.5

libksba-1.4.0

libksba-1.5.0

libksba-1.5.1

libksba-1.6.0

libksba-1.6.1

libksba-1.6.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3515.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "2.1.0"
            },
            {
                "fixed": "2.2.41"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "2.3.0"
            },
            {
                "fixed": "2.4.0"
            }
        ]
    }
]