Mitel Product Security Advisory 16-0020

Vulnerability in Objective Systems ASN1C (CVE-2016-5080)

Advisory ID: 16-0020
Publish Date: 2016-12-02
Revision: 1.0

Summary

A remote code execution vulnerability has been identified in the Objective Systems ASN1C compiler, as referenced in the following CVE:

  • CVE-2016-5080

Detailed Description

As per the CVE entry on web.nvd.nist.gov, the vulnerability is described as follows:

(An) Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data.
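The bug class named in the CVE text above (CWE-190 leading to an undersized heap block), as an added C example; this is not Objective Systems' or Mitel's code. The header size, alignment and all function names are hypothetical and chosen only for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical block layout for illustration; not ASN1C's real values. */
#define HDR_SIZE 16u
#define ALIGN    8u

/* Unchecked: header and round-up are added to a caller-supplied size, so a
 * huge request wraps around and yields a tiny block size (CWE-190). */
size_t block_size_unchecked(size_t nbytes)
{
    return (nbytes + HDR_SIZE + (ALIGN - 1)) & ~(size_t)(ALIGN - 1);
}

/* Checked: reject any request whose padded total would exceed SIZE_MAX. */
int block_size_checked(size_t nbytes, size_t *out)
{
    if (nbytes > SIZE_MAX - HDR_SIZE - (ALIGN - 1))
        return -1;
    *out = (nbytes + HDR_SIZE + (ALIGN - 1)) & ~(size_t)(ALIGN - 1);
    return 0;
}

/* Checked count * element size, as needed when a decoded length field
 * drives an array allocation. */
int array_bytes_checked(size_t count, size_t elem, size_t *out)
{
    if (elem != 0 && count > SIZE_MAX / elem)
        return -1;
    *out = count * elem;
    return 0;
}

/* Allocator wrapper: returns NULL instead of an undersized block. */
void *heap_alloc_checked(size_t nbytes)
{
    size_t total;
    if (block_size_checked(nbytes, &total) != 0)
        return NULL;
    return malloc(total);   /* raw block including header; release with free() */
}

int main(void)
{
    size_t huge = SIZE_MAX - 4;   /* constructed sample request */
    printf("unchecked block size: %zu\n", block_size_unchecked(huge));
    printf("checked alloc refused: %d\n", heap_alloc_checked(huge) == NULL);
    return 0;
}
```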

Affected Products

No products have been confirmed as affected.

Products Not Affected

As Mitel does not use the Objective Systems ASN1C compiler for C/C++, no Enterprise products are affected.

Risk Assessment

CVE-2016-5080 has been assigned a CVSS v2 Base Score of 9.8.

Mitigation / Recommended Action

No action is currently required.

External References

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5080
https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/NCSC-2016-0650+1.00+Kwetsbaarheid+verholpen+in+ASN1C.html

Related CVEs / CWEs / Advisories

CVE-2016-5080
CWE-190