Buffer overflow in ASN1C in ASN1C - CVE-2016-5080
Published: July 20, 2016
Vulnerability identifier: #VU174
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
CVE-ID: CVE-2016-5080
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Objective Systems, Inc.
Affected software:
ASN1C
ASN1C
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in ASN1C. A remote attacker can cause a buffer overflow in rtxMemHeapAlloc() in the 'asn1rt_a.lib' library by sending a specially crafted ASN.1 data to vulnerable server. The code will run with the privileges of the target application or service using the affected library component.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
The vulnerability exists due to boundary error in ASN1C. A remote attacker can cause a buffer overflow in rtxMemHeapAlloc() in the 'asn1rt_a.lib' library by sending a specially crafted ASN.1 data to vulnerable server. The code will run with the privileges of the target application or service using the affected library component.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2016-5080
The vendor has issued a fix (interim v7.0.1.x).