mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 19:17:37 +02:00
0xMarcio
1.1 KiB
1.1 KiB
CVE-2016-5080
Description
Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data.
POC
Reference
- http://packetstormsecurity.com/files/137970/Objective-Systems-Inc.-ASN1C-For-C-C-Heap-Memory-Corruption.html
- http://packetstormsecurity.com/files/137970/Objective-Systems-Inc.-ASN1C-For-C-C-Heap-Memory-Corruption.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html