Vulnerability Details : CVE-2016-5080
Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2016-5080
- cpe:2.3:a:objective_systems:asn1c:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-5080
0.96%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-5080
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
References for CVE-2016-5080
-
https://source.android.com/security/bulletin/2017-01-01.html
Android Security Bulletin—January 2017 | Android Open Source Project
-
http://packetstormsecurity.com/files/137970/Objective-Systems-Inc.-ASN1C-For-C-C-Heap-Memory-Corruption.html
Objective Systems Inc. ASN1C For C/C++ Heap Memory Corruption ≈ Packet Storm
-
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
CPU Oct 2018
-
http://www.securitytracker.com/id/1036386
ASN1C Buffer Overflow in rtxMemHeapAlloc() Lets Users Execute Arbitrary Code - SecurityTracker
-
http://www.securityfocus.com/bid/91836
Objective Systems ASN1C CVE-2016-5080 Heap Based Buffer Overflow Vulnerability
-
https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/NCSC-2016-0650+1.00+Kwetsbaarheid+verholpen+in+ASN1C.html
Niet gevonden | Nationaal Cyber Security CentrumThird Party Advisory
-
https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080
security-advisories/ObjSys/CVE-2016-5080 at master · programa-stic/security-advisories · GitHubTechnical Description;Third Party Advisory
-
http://www.securityfocus.com/archive/1/538952/100/0/threaded
SecurityFocus
-
http://www.kb.cert.org/vuls/id/790839
VU#790839 - Objective Systems ASN1C generates code that contains a heap overflow vulnerabilityThird Party Advisory;US Government Resource
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160721-asn1c
Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products
-
http://seclists.org/fulldisclosure/2016/Jul/65
Full Disclosure: CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603]
Jump to