Main Vulnerability Database SB2016072010

SB2016072010 - Buffer overflow in ASN1C in ASN1C

Published: July 20, 2016 Updated: July 20, 2016

Security Bulletin ID SB2016072010

CSH Severity

Critical

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Buffer overflow in ASN1C (CVE-ID: CVE-2016-5080)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error in ASN1C. A remote attacker can cause a buffer overflow in rtxMemHeapAlloc() in the 'asn1rt_a.lib' library by sending a specially crafted ASN.1 data to vulnerable server. The code will run with the privileges of the target application or service using the affected library component.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080