CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2022-3515

CVSS 9.8v3.1pub. 2023-01-12upd. 2025-04-08

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Gnupg

    APP
    Gnupg
    2.1.0 – 2.2.41 (bez)2.3.0 – 2.4.0 (bez)
  • Gnupg Libksba

    APP
    Gnupg
    < 1.6.3
  • Gnupg Vs Desktop

    APP
    Gnupg
    3.1.16 – 3.1.26 (bez)
  • Gpg4win

    APP
    Gpg4Win
    2.0.0 – 4.1.0 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2022-47629CRITICAL9.8ten sam produkt

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.

CVE-2026-24882HIGH8.4ten sam produkt

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT co...

CVE-2026-24881HIGH8.1ten sam produkt

In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key...

CVE-2025-68973HIGH7.8ten sam produkt

In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intend...

CVE-2020-25125HIGH7.8ten sam produkt

GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified...