Support
+32 2727 1811
Search
Mitel.com
Document Center
Search Mitel
Search Documentation
+32 2727 1811
Uw zakelijke behoefte
Uw branche
Organisatiegrootte
Onze diensten
Onze producten
Support voor klanten
Trainingen voor klanten
Partner support
Contact
Vragen of opmerkingen?
+32 2727 1811
Blog
Over Mitel
Vacatures
Case studies
Resource center
Advisory ID: 16-0020
Publish Date: 2016-12-02
Revision: 1.0
Summary
A remote code execution vulnerability has been identified in the Objective Systems ASN1C compiler, as referenced in the following CVE:
Detailed Description
As per the CVE entry on web.nist.nvd.gov the vulnerability
(An) Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data.
Affected Products
No products have been confirmed as affected:
Products Not Affected
As Mitel does not use the Objective Systems ASN1C compiler for C/C++, no Enterprise products are affected.
Risk Assessment
CVE-2016-5080 has assigned a CVSS v2 Base Score of 9.8
Mitigation / Recommended Action
No action is currently required
External References
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5080
https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/NCSC-2016-0650+1.00+Kwetsbaarheid+verholpen+in+ASN1C.html
Related CVEs / CWEs / Advisories
CVE-2016-5080
CWE-190