{"api_version":"1","generated_at":"2026-04-22T19:37:39+00:00","cve":"CVE-2022-3515","urls":{"html":"https://cve.report/CVE-2022-3515","api":"https://cve.report/api/cve/CVE-2022-3515.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-3515","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-3515"},"summary":{"title":"CVE-2022-3515","description":"A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-01-12 15:15:00","updated_at":"2023-07-06 19:15:00"},"problem_types":["CWE-190"],"metrics":[],"references":[{"url":"https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b","name":"https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b","refsource":"MISC","tags":[],"title":"rK4b7d9cd4a018","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html","name":"https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html","refsource":"MISC","tags":[],"title":"Security Advisory for Libksba/GnuPG (CVE-2022-3515)","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2022-3515","name":"https://access.redhat.com/security/cve/CVE-2022-3515","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135610","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2135610","refsource":"MISC","tags":[],"title":"2135610 – (CVE-2022-3515) CVE-2022-3515 libksba: integer overflow may lead to remote code execution","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20230706-0008/","name":"https://security.netapp.com/advisory/ntap-20230706-0008/","refsource":"CONFIRM","tags":[],"title":"403 Forbidden","mime":"text/html","httpstatus":"403","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-3515","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3515","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"3515","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnupg","cpe5":"gnupg","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"3515","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnupg","cpe5":"gnupg","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"3515","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnupg","cpe5":"libksba","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"3515","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnupg","cpe5":"vs-desktop","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"3515","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gpg4win","cpe5":"gpg4win","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"3515","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libksba_project","cpe5":"libksba","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-3515","qid":"160160","title":"Oracle Enterprise Linux Security Update for libksba (ELSA-2022-7090)"},{"cve":"CVE-2022-3515","qid":"160162","title":"Oracle Enterprise Linux Security Update for libksba (ELSA-2022-7088)"},{"cve":"CVE-2022-3515","qid":"160163","title":"Oracle Enterprise Linux Security Update for libksba (ELSA-2022-7089)"},{"cve":"CVE-2022-3515","qid":"181139","title":"Debian Security Update for libksba (DLA 3153-1)"},{"cve":"CVE-2022-3515","qid":"181140","title":"Debian Security Update for libksba (DSA 5255-1)"},{"cve":"CVE-2022-3515","qid":"184118","title":"Debian Security Update for libksba (CVE-2022-3515)"},{"cve":"CVE-2022-3515","qid":"198995","title":"Ubuntu Security Notification for Libksba Vulnerability (USN-5688-1)"},{"cve":"CVE-2022-3515","qid":"199007","title":"Ubuntu Security Notification for Libksba Vulnerability (USN-5688-2)"},{"cve":"CVE-2022-3515","qid":"240767","title":"Red Hat Update for libksba (RHSA-2022:7089)"},{"cve":"CVE-2022-3515","qid":"240768","title":"Red Hat Update for libksba (RHSA-2022:7088)"},{"cve":"CVE-2022-3515","qid":"240769","title":"Red Hat Update for libksba (RHSA-2022:7090)"},{"cve":"CVE-2022-3515","qid":"240862","title":"Red Hat Update for libksba (RHSA-2022:7927)"},{"cve":"CVE-2022-3515","qid":"257201","title":"CentOS Security Update for libksba (CESA-2022:7088)"},{"cve":"CVE-2022-3515","qid":"283236","title":"Fedora Security Update for libksba (FEDORA-2022-3ef41c3410)"},{"cve":"CVE-2022-3515","qid":"283269","title":"Fedora Security Update for libksba (FEDORA-2022-7c13845b0d)"},{"cve":"CVE-2022-3515","qid":"283487","title":"Fedora Security Update for libksba (FEDORA-2022-0002284730)"},{"cve":"CVE-2022-3515","qid":"354132","title":"Amazon Linux Security Advisory for libksba : ALAS2-2022-1890"},{"cve":"CVE-2022-3515","qid":"354250","title":"Amazon Linux Security Advisory for libksba : ALAS-2022-1649"},{"cve":"CVE-2022-3515","qid":"354418","title":"Amazon Linux Security Advisory for libksba : ALAS2022-2022-249"},{"cve":"CVE-2022-3515","qid":"354543","title":"Amazon Linux Security Advisory for libksba : ALAS-2022-249"},{"cve":"CVE-2022-3515","qid":"355054","title":"Amazon Linux Security Advisory for libksba : AL2012-2022-378"},{"cve":"CVE-2022-3515","qid":"355266","title":"Amazon Linux Security Advisory for libksba : ALAS2023-2023-088"},{"cve":"CVE-2022-3515","qid":"377712","title":"Alibaba Cloud Linux Security Update for libksba (ALINUX2-SA-2022:0048)"},{"cve":"CVE-2022-3515","qid":"377716","title":"Alibaba Cloud Linux Security Update for libksba (ALINUX3-SA-2022:0174)"},{"cve":"CVE-2022-3515","qid":"502617","title":"Alpine Linux Security Update for libksba"},{"cve":"CVE-2022-3515","qid":"502618","title":"Alpine Linux Security Update for libksba"},{"cve":"CVE-2022-3515","qid":"502736","title":"Alpine Linux Security Update for libksba"},{"cve":"CVE-2022-3515","qid":"505628","title":"Alpine Linux Security Update for libksba"},{"cve":"CVE-2022-3515","qid":"672412","title":"EulerOS Security Update for libksba (EulerOS-SA-2022-2797)"},{"cve":"CVE-2022-3515","qid":"672741","title":"EulerOS Security Update for libksba (EulerOS-SA-2023-1508)"},{"cve":"CVE-2022-3515","qid":"672745","title":"EulerOS Security Update for libksba (EulerOS-SA-2023-1447)"},{"cve":"CVE-2022-3515","qid":"672750","title":"EulerOS Security Update for libksba (EulerOS-SA-2023-1472)"},{"cve":"CVE-2022-3515","qid":"672785","title":"EulerOS Security Update for libksba (EulerOS-SA-2023-1553)"},{"cve":"CVE-2022-3515","qid":"672817","title":"EulerOS Security Update for libksba (EulerOS-SA-2023-1528)"},{"cve":"CVE-2022-3515","qid":"672923","title":"EulerOS Security Update for libksba (EulerOS-SA-2023-1760)"},{"cve":"CVE-2022-3515","qid":"672929","title":"EulerOS Security Update for libksba (EulerOS-SA-2023-1782)"},{"cve":"CVE-2022-3515","qid":"710649","title":"Gentoo Linux libksba Remote Code Execution Vulnerability (GLSA 202210-23)"},{"cve":"CVE-2022-3515","qid":"710696","title":"Gentoo Linux libksba Remote Code Execution Vulnerability (GLSA 202212-07)"},{"cve":"CVE-2022-3515","qid":"752694","title":"SUSE Enterprise Linux Security Update for libksba (SUSE-SU-2022:3683-1)"},{"cve":"CVE-2022-3515","qid":"752698","title":"SUSE Enterprise Linux Security Update for libksba (SUSE-SU-2022:3681-1)"},{"cve":"CVE-2022-3515","qid":"905253","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for gnupg2 (13001)"},{"cve":"CVE-2022-3515","qid":"905255","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for libksba (13004)"},{"cve":"CVE-2022-3515","qid":"905262","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for gnupg2 (13005)"},{"cve":"CVE-2022-3515","qid":"905653","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for libksba (13004-1)"},{"cve":"CVE-2022-3515","qid":"906603","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for libksba (13004-3)"},{"cve":"CVE-2022-3515","qid":"906640","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for gnupg2 (13005-3)"},{"cve":"CVE-2022-3515","qid":"940712","title":"AlmaLinux Security Update for libksba (ALSA-2022:7090)"},{"cve":"CVE-2022-3515","qid":"940714","title":"AlmaLinux Security Update for libksba (ALSA-2022:7089)"},{"cve":"CVE-2022-3515","qid":"960243","title":"Rocky Linux Security Update for libksba (RLSA-2022:7089)"},{"cve":"CVE-2022-3515","qid":"960604","title":"Rocky Linux Security Update for libksba (RLSA-2022:7090)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-3515","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"libksba","version":{"version_data":[{"version_value":"Fixed in libksba v1.6.2"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-190 - Integer Overflow or Wraparound"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2135610","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135610"},{"refsource":"MISC","name":"https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html","url":"https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html"},{"refsource":"MISC","name":"https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b","url":"https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b"},{"refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2022-3515","url":"https://access.redhat.com/security/cve/CVE-2022-3515"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20230706-0008/","url":"https://security.netapp.com/advisory/ntap-20230706-0008/"}]},"description":{"description_data":[{"lang":"eng","value":"A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment."}]}},"nvd":{"publishedDate":"2023-01-12 15:15:00","lastModifiedDate":"2023-07-06 19:15:00","problem_types":["CWE-190"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnupg:libksba:*:*:*:*:*:*:*:*","versionEndExcluding":"1.6.3","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gpg4win:gpg4win:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"4.1.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnupg:vs-desktop:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.16","versionEndExcluding":"3.1.26","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnupg:gnupg:*:*:*:*:lts:*:*:*","versionStartIncluding":"2.1.0","versionEndExcluding":"2.2.41","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnupg:gnupg:*:*:*:*:-:*:*:*","versionStartIncluding":"2.3.0","versionEndExcluding":"2.4.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}