Vulnerability Note VU#790839
Objective Systems ASN1C generates code that contains a heap overflow vulnerability
ASN.1 is a standard representation of data for networking and telecommunications applications. Objective System's ASN1C compiler generates C and C++ code that may be vulnerable to heap overflow.
CWE-122: Heap-based Buffer Overflow - CVE-2016-5080
ASN1C is used to generate high-level-language code from ASN.1 syntax. According to the reporter, the generated C and C++ code from ASN1C may be vulnerable to heap overflow in the generated heap manager's rtxMemHeapAlloc function. It is currently unclear if a similar vulnerability exists in other output languages such as Java. and C#.
The impact may vary depending on how the vulnerable code is used in an application. In worst case, an application that utilizes ASN.1 data from untrusted sources may be exploited by a remote unauthenticated attacker to execute arbitrary code with permissions of the application (typically root/SYSTEM).
Apply an update
Vendor Information (Learn More)
The vendors listed below were primarily sourced from Objective Systems' customer list. The CERT/CC has no further evidence that any particular vendor is impacted unless marked Affected; vendors are encouraged to reach out to us to clarify their status.
|Vendor||Status||Date Notified||Date Updated|
|Objective Systems||Affected||-||20 Jun 2016|
|Check Point Software Technologies||Not Affected||-||29 Jul 2016|
|Hewlett Packard Enterprise||Not Affected||20 Jun 2016||01 Jul 2016|
|Honeywell||Not Affected||20 Jun 2016||07 Jul 2016|
|Huawei Technologies||Not Affected||20 Jun 2016||29 Jul 2016|
|Juniper Networks||Not Affected||26 Aug 2016||26 Aug 2016|
|QUALCOMM Incorporated||Not Affected||20 Jun 2016||22 Aug 2016|
|Siemens||Not Affected||19 Jul 2016||20 Jul 2016|
|Alcatel-Lucent||Unknown||20 Jun 2016||20 Jun 2016|
|AT&T||Unknown||20 Jun 2016||20 Jun 2016|
|BAE Systems||Unknown||19 Jul 2016||19 Jul 2016|
|Booz Allen Hamilton||Unknown||19 Jul 2016||19 Jul 2016|
|Broadcom||Unknown||20 Jun 2016||20 Jun 2016|
|BT||Unknown||20 Jun 2016||20 Jun 2016|
|Cisco||Unknown||20 Jun 2016||20 Jun 2016|
CVSS Metrics (Learn More)
Thanks to Lucas Molas and Ivan Arce of Programa STIC at the Fundación Sadosky for researching and coordinating this vulnerability.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2016-5080
- Date Public: 18 Jul 2016
- Date First Published: 19 Jul 2016
- Date Last Updated: 26 Aug 2016
- Document Revision: 52
If you have feedback, comments, or additional information about this vulnerability, please send us email.