9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.013 Low
EPSS
Percentile
85.7%
ASN.1 is a standard representation of data for networking and telecommunications applications. Objective Systems' ASN1C compiler generates C and C++ code that may be vulnerable to heap overflow.
**CWE-122: Heap-based Buffer Overflow** - CVE-2016-5080
ASN1C is used to generate high-level-language code from ASN.1 syntax. According to the reporter, the generated C and C++ code from ASN1C may be vulnerable to heap overflow in the generated heap manager's rtxMemHeapAlloc function. It is currently unclear if a similar vulnerability exists in other output languages such as Java and C#.
A remote unauthenticated attacker may be able to exploit the heap overflow to execute arbitrary code on the underlying system, but the availability of this exploit depends on whether the application utilizes the rtxMemHeapAlloc function in an unsafe way. In particular, the application would likely need to process ASN.1 data from untrusted sources to be vulnerable. Developers making use of ASN1C in their products should audit their code to determine if their application is vulnerable. The CVSS score below reflects a worst-case scenario, and may not apply to all instances.
The researcher has more information available in a security advisory.
The impact may vary depending on how the vulnerable code is used in an application. In the worst case, an application that utilizes ASN.1 data from untrusted sources may be exploited by a remote unauthenticated attacker to execute arbitrary code with the permissions of the application (typically root/SYSTEM).
Apply an update
Objective Systems has released a hotfix for the ASN1C 7.0.1.x series to correct this flaw. Customers using the vulnerable features should contact Objective Systems directly to request the hotfix. Alternatively, customers may use a different heap manager, or edit the generated code by hand to remove the heap overflow.
ASN1C version 7.0.2 will contain the fix for all customers, but its release date is currently not set.
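The Qualcomm statement in the vendor list below describes the flaw class as an integer overflow that leads to a heap-based buffer overflow, mitigated by caller-side size checks. The following C sketch is an added illustration of that pattern and is not ASN1C or Objective Systems code; the header size, rounding unit, `MAX_FIELD` limit and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical allocator layout (assumed, not taken from ASN1C): every
   block carries a header and is rounded up to an 8-byte unit. */
#define HDR_SIZE  8u
#define UNIT      8u
#define MAX_FIELD 65536u /* assumed application limit for one decoded field */

/* Unchecked size computation: for nbytes close to UINT32_MAX the sum wraps,
   so the block reserved is far smaller than what the caller will write. */
uint32_t block_size_unchecked(uint32_t nbytes)
{
    return (nbytes + HDR_SIZE + (UNIT - 1u)) & ~(UNIT - 1u);
}

/* Checked form: returns 0 and stores the padded size, or -1 if the
   addition would wrap around. */
int block_size_checked(uint32_t nbytes, uint32_t *out)
{
    if (nbytes > UINT32_MAX - HDR_SIZE - (UNIT - 1u))
        return -1;
    *out = (nbytes + HDR_SIZE + (UNIT - 1u)) & ~(UNIT - 1u);
    return 0;
}

/* Caller-side size check: bound the length taken from untrusted ASN.1
   input before it ever reaches the allocator. */
void *alloc_field(uint32_t decoded_len)
{
    uint32_t total;
    unsigned char *blk;

    if (decoded_len == 0 || decoded_len > MAX_FIELD)
        return NULL;                      /* reject oversized or empty lengths */
    if (block_size_checked(decoded_len, &total) != 0)
        return NULL;                      /* defence in depth */
    blk = malloc(total);
    return blk ? blk + HDR_SIZE : NULL;   /* payload starts after the header */
}

void free_field(void *p) { if (p) free((unsigned char *)p - HDR_SIZE); }

int main(void)
{
    printf("unchecked(0xFFFFFFF8) = %u\n", block_size_unchecked(0xFFFFFFF8u));
    printf("alloc_field(0xFFFFFFF8) = %p\n", alloc_field(0xFFFFFFF8u));
    return 0;
}
```

When auditing generated code, the same two questions apply: does any length from decoded input reach the allocator without an upper bound, and does the allocator's own size arithmetic detect wrap-around.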
The vendors listed below were primarily sourced from Objective Systems’ customer list. The CERT/CC has no further evidence that any particular vendor is impacted unless marked Affected; vendors are encouraged to reach out to us to clarify their status.
Updated: June 20, 2016
Affected
We have not received a statement from the vendor.
Affected customers should contact Objective Systems to obtain a hotfix for ASN1C version 7.0.1.x.
The vulnerability will be fully corrected when version 7.0.2 is released. Currently there is no estimated release date for version 7.0.2.
Updated: July 29, 2016
Statement Date: July 28, 2016
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 20, 2016 Updated: July 01, 2016
Statement Date: June 30, 2016
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 20, 2016 Updated: July 07, 2016
Statement Date: July 07, 2016
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 20, 2016 Updated: July 29, 2016
Statement Date: July 28, 2016
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 26, 2016 Updated: August 26, 2016
Statement Date: August 26, 2016
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 20, 2016 Updated: August 22, 2016
Statement Date: July 21, 2016
Not Affected
"We have determined that the products designed by Qualcomm Technologies Inc. (QTI) to interface with the Objective Systems ASN.1 module at issue properly implemented size checks. Thus, the integer overflow vulnerability that can further lead to a heap-based buffer overflow is mitigated and we believe is not exploitable through QTI's implementations."
We are not aware of further vendor information regarding this vulnerability.
While Qualcomm uses the vulnerable module in their cellular protocol software, current analysis suggests they are not impacted by this vulnerability.
If you have feedback, comments, or additional information about this vulnerability, please send us email (Subject: VU#790839 Feedback).
Notified: July 19, 2016 Updated: July 20, 2016
Statement Date: July 20, 2016
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: July 19, 2016 Updated: July 19, 2016
Unknown
We have not received a statement from the vendor.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: July 19, 2016 Updated: July 19, 2016
Unknown
We have not received a statement from the vendor.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: July 19, 2016 Updated: July 19, 2016
Unknown
We have not received a statement from the vendor.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: July 19, 2016 Updated: July 19, 2016
Unknown
We have not received a statement from the vendor.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: July 19, 2016 Updated: July 19, 2016
Unknown
We have not received a statement from the vendor.
Notified: July 21, 2016 Updated: July 21, 2016
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: June 20, 2016 Updated: June 20, 2016
Unknown
We have not received a statement from the vendor.
Notified: July 19, 2016 Updated: July 19, 2016
Unknown
We have not received a statement from the vendor.
Group | Score | Vector |
---|---|---|
Base | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Temporal | 7.1 | E:U/RL:TF/RC:C |
Environmental | 5.4 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
Thanks to Lucas Molas and Ivan Arce of Programa STIC at the Fundación Sadosky for researching and coordinating this vulnerability.
This document was written by Garret Wassermann.
CVE IDs: | CVE-2016-5080 |
---|---|
Date Public: | 2016-07-18 |
Date First Published: | |
cwe.mitre.org/data/definitions/122.html
www.fundacionsadosky.org.ar/publicaciones/
github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080
www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/NCSC-2016-0650+1.00+Kwetsbaarheid+verholpen+in+ASN1C.html