CVE-2022-3515 - Remote Code Execution (RCE)

Severity: None

2023-11-06

Security Advisories

Abstract

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.

The Oxygen products incorporate Libksba as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

Product | Severity | Fixed Release Availability
Oxygen Content Fusion v5.0.1 and older | None | Oxygen Content Fusion 6.0 build 2023110109

Mitigation

None

Detail

CVE-2022-3515

Severity: Critical

CVSS Score: 9.8

The version of the Libksba third-party library used by Oxygen XML products is one of the affected versions listed in the CVE-2022-3515 vulnerability description. However, since Oxygen products do not use the Libksba library at runtime, this vulnerability does not affect Oxygen products. The library will be removed in future versions.

Starting with Oxygen Content Fusion v6.0 build 2023110109, the Libksba library was removed.
