{"vuid":"VU#790839","idnumber":"790839","name":"Objective Systems ASN1C generates code that contains a heap overflow vulnerability","keywords":["asn1","heap overflow","CWE-122"],"overview":"ASN.1 is a standard representation of data for networking and telecommunications applications. Objective Systems' ASN1C compiler generates C and C++ code that may be vulnerable to heap overflow.","clean_desc":"CWE-122: Heap-based Buffer Overflow - CVE-2016-5080. ASN1C is used to generate high-level-language code from ASN.1 syntax. According to the reporter, the generated C and C++ code from ASN1C may be vulnerable to heap overflow in the generated heap manager's rtxMemHeapAlloc function. It is currently unclear if a similar vulnerability exists in other output languages such as Java and C#. A remote unauthenticated attacker may be able to exploit the heap overflow to execute arbitrary code on the underlying system, but the availability of this exploit depends on whether the application utilizes the rtxMemHeapAlloc function in an unsafe way. In particular, the application would likely need to process ASN.1 data from untrusted sources to be vulnerable. Developers making use of ASN1C in their products should audit their code to determine if their application is vulnerable. The CVSS score below reflects a worst-case scenario, and may not apply to all instances. The researcher has more information available in a security advisory.","impact":"The impact may vary depending on how the vulnerable code is used in an application. In the worst case, an application that utilizes ASN.1 data from untrusted sources may be exploited by a remote unauthenticated attacker to execute arbitrary code with the permissions of the application (typically root/SYSTEM).","resolution":"Apply an update: Objective Systems has released a hotfix for the ASN1C 7.0.1.x series to correct this flaw. Customers using the vulnerable features should contact Objective Systems directly to request the hotfix. 
Customers may alternatively use a different heap manager, or edit the generated code by hand to remove the heap overflow. ASN1C version 7.0.2 will contain the fix for all customers, but its release date is currently not set.","workarounds":"","sysaffected":"The vendors listed below were primarily sourced from Object","thanks":"Thanks to Lucas Molas and Ivan Arce of Programa STIC at the Fundación Sadosky for researching and coordinating this vulnerability.","author":"This document was written by Garret Wassermann.","public":["https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080","http://www.fundacionsadosky.org.ar/publicaciones/","http://cwe.mitre.org/data/definitions/122.html","https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/NCSC-2016-0650+1.00+Kwetsbaarheid+verholpen+in+ASN1C.html"],"cveids":["CVE-2016-5080"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2016-06-20T18:48:41Z","publicdate":"2016-07-18T00:00:00Z","datefirstpublished":"2016-07-19T15:39:20Z","dateupdated":"2016-08-26T18:07:31Z","revision":53,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"TF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"9.3","cvss_basevector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","cvss_temporalscore":"7.1","cvss_environmentalscore":"5.3543334096","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}