Mitel Product Security Advisory 17-0001

Vulnerability in Objective Systems ASN1C (CVE-2016-5080)

Advisory ID: 16-0020
Publish Date: 2016-12-02
Revision: 1.0

Summary

A remote code execution vulnerability has been identified in the Objective Systems ASN1C compiler, as referenced in the following CVE:

CVE-2016-5080

Detailed Description

As per the CVE entry on web.nist.nvd.gov the vulnerability

(An) Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data.

Affected Products

No products have been confirmed as affected:

Products Not Affected

As Mitel does not use the Objective Systems ASN1C compiler for C/C++, no Enterprise products are affected.

Risk Assessment

CVE-2016-5080 has assigned a CVSS v2 Base Score of 9.8

Mitigation / Recommended Action

No action is currently required

External References

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5080
Related CVEs / CWEs / Advisories
CVE-2016-5080
CWE-190

First Name

Last Name

Email Address

Relationship to Mitel

By providing the above information, you agree that we may process your personal data in accordance with our Privacy Policy.

Do you agree to the terms and conditions of using our services?

Search

Select your Region/Country/Language

Americas

Europe

Oceania

Vulnerability in Objective Systems ASN1C (CVE-2016-5080)

Stay One Step Ahead

Ready to talk to sales? Contact us.