libksba: Remote Code Execution

libksba: Remote Code Execution An integer overflow vulnerability has been found in libksba which could result in remote code execution. libksba 2022-12-28 2022-12-28 877453 remote 1.6.3 1.6.3

Libksba is a X.509 and CMS (PKCS#7) library.

An integer overflow in parsing ASN.1 objects could lead to a buffer overflow.

Crafted ASN.1 objects could trigger an integer overflow and buffer overflow to result in remote code execution.

There is no known workaround at this time.

All libksba users should upgrade to the latest version:


          # emerge --sync
          # emerge --ask --oneshot --verbose ">=dev-libs/libksba-1.6.3"

CVE-2022-3515 CVE-2022-47629 ajak ajak