Security
Security
An integer overflow vulnerability has been found in libksba which could result in remote code execution.
| Package | dev-libs/libksba on all architectures |
|---|---|
| Affected versions | < 1.6.2 |
| Unaffected versions | >= 1.6.2 |
Libksba is a X.509 and CMS (PKCS#7) library.
An integer overflow in parsing ASN.1 objects could lead to a buffer overflow.
Crafted ASN.1 objects could trigger an integer overflow and buffer overflow to result in remote code execution.
There is no known workaround at this time.
All libksba users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libksba-1.6.2"
Release date
October 31, 2022
Latest revision
October 31, 2022: 1
Severity
high
Exploitable
remote
Bugzilla entries