Objective Systems ASN1C Heap Buffer Overflow Vulnerability (CVE-2016-5080)
Release date:
Updated on:
Affected Systems:
Objective Systems ASN1C for C/C++ < 7.0.2
Objective Systems ASN1C for C/C++
Description:
CVE (CAN) ID: CVE-2016-5080
ASN.1 is a set of standards that describe the representation, encoding, transmission, and decoding of data. ASN1C generates high-level language code from ASN.1 syntax.
In ASN1C for C/C++ versions before 7.0.2, the rtxMemHeapAlloc function in asn1rt_a.lib has an integer overflow vulnerability. Context-dependent attackers can execute arbitrary code or cause a denial of service by supplying crafted ASN.1 data.
<* Source: vendor
*>
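The bug class described above, as an added example that is not taken from this advisory or from Objective Systems' code: a heap allocator that adds a header to the requested length and rounds the sum up, shown with and without an overflow check. The header size, the alignment and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical layout, assumed for illustration only. */
#define HDR_SIZE 16u /* bookkeeping header placed before each block */
#define ALIGN 8u     /* block sizes are rounded up to this granularity */

/* Unchecked form: for nbytes close to SIZE_MAX the sum wraps around and the
 * result is a tiny block size that no longer covers nbytes. */
static size_t block_size_unchecked(size_t nbytes)
{
    return (nbytes + HDR_SIZE + (ALIGN - 1)) & ~(size_t)(ALIGN - 1);
}

/* Checked form: returns 0 and stores the block size, or -1 if it would wrap. */
static int block_size_checked(size_t nbytes, size_t *total)
{
    if (nbytes > SIZE_MAX - HDR_SIZE - (ALIGN - 1))
        return -1;
    *total = (nbytes + HDR_SIZE + (ALIGN - 1)) & ~(size_t)(ALIGN - 1);
    return 0;
}

/* Allocation wrapper that fails closed on unrepresentable sizes. */
static void *heap_alloc_checked(size_t nbytes)
{
    size_t total;
    unsigned char *blk;
    if (block_size_checked(nbytes, &total) != 0)
        return NULL;
    blk = malloc(total);
    return blk ? blk + HDR_SIZE : NULL;
}

static void heap_free_checked(void *p)
{
    if (p)
        free((unsigned char *)p - HDR_SIZE);
}

int main(void)
{
    size_t huge = SIZE_MAX - 4; /* constructed length, as if decoded from input */
    printf("unchecked block size: %zu\n", block_size_unchecked(huge));
    printf("checked alloc: %s\n", heap_alloc_checked(huge) ? "ok" : "rejected");
    heap_free_checked(heap_alloc_checked(64));
    return 0;
}
```

A caller that then copies the declared length into the undersized block is what turns the wrapped size into a heap buffer overflow, so the length check belongs in the allocator itself and not only in its callers.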
Suggestion:
Vendor patch:
Objective Systems
-----------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.obj-sys.com/
References:
https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080
http://www.fundacionsadosky.org.ar/publicaciones/
http://cwe.mitre.org/data/definitions/122.html
https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/NCSC-2016-0650+1.00+Kwetsbaarheid+verholpen+in+ASN1C.html