ID CVE-2016-5080
Summary Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data. <a href="http://cwe.mitre.org/data/definitions/190.html">CWE-190: Integer Overflow or Wraparound</a>
References
Vulnerable Configurations
  • cpe:2.3:a:objective_systems:asn1c:*:*:*:*:*:*:*:*
    cpe:2.3:a:objective_systems:asn1c:*:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 17-10-2018 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 91836
bugtraq 20160719 CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603]
cert-vn VU#790839
cisco 20160721 Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products
confirm
fulldisc 20160725 CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603]
misc
sectrack 1036386
Last major update 17-10-2018 - 01:29
Published 19-07-2016 - 22:59
Last modified 17-10-2018 - 01:29
Back to Top