Schulung
LOGIN PORTAL
Americas
Oceania
Kommunikationssysteme
Zusammenarbeit
Contact Center
Telefone und Zubehör
Anwendungen und Entwickler
Ihr Geschäftsbedarf
Ihre Branche
Ihre Unternehmensgröße
Unsere Services
Unsere Produkte
Kundensupport
Partner Support
Schulung
Kontakt Verkauf
Blog
Über Mitel
Karriere
Kundenreferenzen
Informationscenter
Standort: Deutschland
Advisory ID: 16-0020
Publish Date: 2016-12-02
Revision: 1.0
Summary
A remote code execution vulnerability has been identified in the Objective Systems ASN1C compiler, as referenced in the following CVE:
Detailed Description
As per the CVE entry on web.nist.nvd.gov the vulnerability
(An) Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data.
Affected Products
No products have been confirmed as affected:
Products Not Affected
As Mitel does not use the Objective Systems ASN1C compiler for C/C++, no Enterprise products are affected.
Risk Assessment
CVE-2016-5080 has assigned a CVSS v2 Base Score of 9.8
Mitigation / Recommended Action
No action is currently required
External References
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5080
Related CVEs / CWEs / Advisories
CVE-2016-5080
CWE-190