Off-by-one error in the appendutf8value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "libksba-dev", "binary_version": "1.3.0-3ubuntu0.14.04.2" }, { "binary_name": "libksba8", "binary_version": "1.3.0-3ubuntu0.14.04.2" }, { "binary_name": "libksba8-dbgsym", "binary_version": "1.3.0-3ubuntu0.14.04.2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "libksba-dev", "binary_version": "1.3.3-1ubuntu0.16.04.1" }, { "binary_name": "libksba8", "binary_version": "1.3.3-1ubuntu0.16.04.1" }, { "binary_name": "libksba8-dbgsym", "binary_version": "1.3.3-1ubuntu0.16.04.1" } ] }