Base Score

CRITICAL9.8

CVE-2022-47629

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.

VectorNETWORK

Published Bycve@mitre.org

Published DateDec 20, 2022, 23:15

Weakness Type (CWE):CWE-190

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://dev.gnupg.org/T6284
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070
https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html
https://security.gentoo.org/glsa/202212-07
https://security.netapp.com/advisory/ntap-20230316-0011/
https://www.debian.org/security/2022/dsa-5305

Base Score

CRITICAL9.8

Weakness Type (CWE):CWE-190

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH