JLSEC-2025-93

See a problem?
Please try reporting it to the source first.

Source

https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-93.md

Import Source

https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-93.json

JSON Data

https://api.osv.dev/v1/vulns/JLSEC-2025-93

Upstream

CVE-2022-3515

Published

2025-10-17T22:31:47.919Z

Modified

2025-11-06T23:03:09.542138Z

Summary

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser

Details

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.

Database specific

{
    "sources": [
        {
            "published": "2023-01-12T15:15:10.187Z",
            "id": "CVE-2022-3515",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3515",
            "imported": "2025-10-17T20:30:39.146Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-3515",
            "modified": "2025-04-08T16:15:19.830Z"
        }
    ],
    "license": "CC-BY-4.0"
}

References

Affected packages

Julia / GnuPG_jll

Package

Name: GnuPG_jll
Purl: pkg:julia/GnuPG_jll?uuid=1522389b-45f8-5faa-af4d-a301b79c50ac

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.7+0

Julia / Libksba_jll

Package

Name: Libksba_jll
Purl: pkg:julia/Libksba_jll?uuid=52a58d30-3731-5a3f-8361-26ffb4f63669

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.7+0