{"id":"CVE-2022-3515","details":"A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.","modified":"2026-04-10T04:48:57.989516Z","published":"2023-01-12T15:15:10.187Z","related":["ALSA-2022:7089","ALSA-2022:7090","CGA-hj23-xhx9-j523","MGASA-2022-0404","SUSE-SU-2022:3681-1","SUSE-SU-2022:3683-1","openSUSE-SU-2024:12418-1"],"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230706-0008/"},{"type":"ADVISORY","url":"https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135610"},{"type":"FIX","url":"https://access.redhat.com/security/cve/CVE-2022-3515"},{"type":"FIX","url":"https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b"}],"affected":[{"ranges":[{"type":"GIT","repo":"git://git.gnupg.org/gpg4win.git","events":[{"introduced":"a6998b198f8af3141887feb4e1493eea734cfe22"},{"fixed":"e9684ee75cb7481f5130d18f150013094a382e0a"},{"introduced":"e62daa2720b88d4a30a3c2722e9a0ccd32ca7b8d"},{"fixed":"e85f89164264946034b5f26d3153c117c8dc99cc"}],"database_specific":{"versions":[{"introduced":"2.0.0"},{"fixed":"4.1.0"},{"introduced":"3.1.16"},{"fixed":"3.1.26"}]}},{"type":"GIT","repo":"https://github.com/gpg/libksba","events":[{"introduced":"0"},{"fixed":"bffa9b346071725363a483db547e7dced9721cb5"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.6.3"}]}}],"versions":["debian/V0-0-0","debian/V0-2-0","debian/V0-2-1","debian/V0-2-2","debian/V0-2-3","debian/V0-4-0","debian/V0-4-1","debian/V0-4-2","debian/V0-4-3","debian/V0-4-4","debian/V0-4-5","debian/libksba-0-4-6","debian/libksba-0-4-7","debian/libksba-0-9-0","debian/libksba-0-9-1","debian/libksba-0-9-10","debian/libksba-0-9-11","debian/libksba-0-9-12","debian/libksba-0-9-2","debian/libksba-0-9-3","debian/libksba-0-9-4","debian/libksba-0-9-5","debian/libksba-0-9-6","debian/libksba-0-9-7","debian/libksba-0-9-8","debian/libksba-0-9-9","debian/libksba-0.9.13","debian/libksba-0.9.14","debian/libksba-0.9.15","debian/libksba-0.9.16","debian/libksba-1.0.1","debian/libksba-1.0.2","debian/libksba-1.0.3","debian/libksba-1.0.4","debian/libksba-1.0.5","debian/libksba-1.0.6","debian/libksba-1.0.7","debian/libksba-1.0.8","debian/libksba-1.1.0","gpg4win-2.0.0","gpg4win-2.0.1","gpg4win-2.0.2rc2","gpg4win-2.1.0","gpg4win-2.1.0-beta1","gpg4win-2.1.0-rc1","gpg4win-2.1.0-rc2","gpg4win-2.1.1","gpg4win-2.2.0","gpg4win-2.2.1","gpg4win-2.2.2","gpg4win-2.2.3","gpg4win-2.2.4","gpg4win-2.2.5","gpg4win-3.0.0","gpg4win-3.0.1","gpg4win-3.0.2","gpg4win-3.0.3","gpg4win-3.1.0","gpg4win-3.1.1","gpg4win-3.1.10","gpg4win-3.1.11","gpg4win-3.1.12","gpg4win-3.1.13","gpg4win-3.1.14","gpg4win-3.1.15","gpg4win-3.1.2","gpg4win-3.1.20","gpg4win-3.1.21","gpg4win-3.1.22","gpg4win-3.1.23","gpg4win-3.1.24","gpg4win-3.1.25","gpg4win-3.1.26","gpg4win-3.1.3","gpg4win-3.1.4","gpg4win-3.1.5","gpg4win-3.1.8","gpg4win-3.1.9","gpg4win-3.2-base","gpg4win-4.0-base","gpg4win-4.0.0","gpg4win-4.0.1","gpg4win-4.0.2","gpg4win-4.0.3","gpg4win-4.0.4","gpg4win-compendium-de-3.0.0","gpg4win-compendium-de-3.0.0-beta3","gpg4win-compendium-de-3.0.0-beta4","gpg4win-compendium-en-3.0.0","libksba-1.2.0","libksba-1.3.0","libksba-1.3.1","libksba-1.3.2","libksba-1.3.3","libksba-1.3.4","libksba-1.3.5","libksba-1.4.0","libksba-1.5.0","libksba-1.5.1","libksba-1.6.0","libksba-1.6.1","libksba-1.6.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3515.json","unresolved_ranges":[{"events":[{"introduced":"2.1.0"},{"fixed":"2.2.41"}]},{"events":[{"introduced":"2.3.0"},{"fixed":"2.4.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}