Americas
Oceania
Sélectionnez la région / le pays / la langue
Advisory ID: 16-0020
Publish Date: 2016-12-02
Revision: 1.0
Summary
A remote code execution vulnerability has been identified in the Objective Systems ASN1C compiler, as referenced in the following CVE:
Detailed Description
As per the CVE entry on web.nist.nvd.gov the vulnerability
(An) Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data.
Affected Products
No products have been confirmed as affected:
Products Not Affected
As Mitel does not use the Objective Systems ASN1C compiler for C/C++, no Enterprise products are affected.
Risk Assessment
CVE-2016-5080 has assigned a CVSS v2 Base Score of 9.8
Mitigation / Recommended Action
No action is currently required
External References
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5080
Related CVEs / CWEs / Advisories
CVE-2016-5080
CWE-190