QwikSec

Security Database

CVE

CWE

Training

CVE-2016-5080

Published: Jul 19, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://source.android.com/security/bulletin/2017-01-01.html

x_refsource_CONFIRM

20160719 CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603]

mailing-list

x_refsource_BUGTRAQ

https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080

x_refsource_MISC

third-party-advisory

x_refsource_CERT-VN

https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/NCSC-2016-0650+1.00+Kwetsbaarheid+verholpen+in+ASN1C.html

x_refsource_MISC

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

http://packetstormsecurity.com/files/137970/Objective-Systems-Inc.-ASN1C-For-C-C-Heap-Memory-Corruption.html

x_refsource_MISC

20160725 CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603]

mailing-list

x_refsource_FULLDISC

vdb-entry

x_refsource_BID

20160721 Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products

vendor-advisory

x_refsource_CISCO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.