Mitel Product Security Advisory 16-0020
Vulnerability in Objective Systems ASN1C (CVE-2016-5080)
Advisory ID: 16-0020
Publish Date: 2016-12-02
A remote code execution vulnerability has been identified in the Objective Systems ASN1C compiler, as referenced in the following CVE:
As per the CVE entry on web.nist.nvd.gov the vulnerability
(An) Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data.
No products have been confirmed as affected:
Products Not Affected
As Mitel does not use the Objective Systems ASN1C compiler for C/C++, no Enterprise products are affected.
CVE-2016-5080 has assigned a CVSS v2 Base Score of 9.8
Mitigation / Recommended Action
No action is currently required
Related CVEs / CWEs / Advisories