Mitel Product Security Advisory 16-0020

Vulnerability in Objective Systems ASN1C (CVE-2016-5080)

Advisory ID: 16-0020
Publish Date: 2016-12-02
Revision: 1.0


A remote code execution vulnerability has been identified in the Objective Systems ASN1C compiler, as referenced in the following CVE:

  • CVE-2016-5080

Detailed Description

As per the CVE entry on the vulnerability:

(An) Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data.
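The bug class named in the CVE text, shown as an added example that is not Objective Systems' or Mitel's code: a size computation that wraps for a length taken from the input, beside a checked form and a BER length decoder that bounds the length by the bytes actually present. The header size, rounding unit and all function names are hypothetical, and the sample inputs used to exercise it are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical allocator layout for illustration: each block carries a
 * header and is rounded up to an 8-byte unit. Not ASN1C's actual code. */
#define HDR_SIZE 16u
#define UNIT     8u

/* Unchecked form: for nbytes near SIZE_MAX the sum wraps around and the
 * result is a tiny block size, far smaller than the caller asked for. */
size_t block_size_unchecked(size_t nbytes)
{
    return (nbytes + HDR_SIZE + (UNIT - 1)) & ~(size_t)(UNIT - 1);
}

/* Checked form: reject any request whose padded size cannot be
 * represented. Returns 0 and stores the size, or -1 on overflow. */
int block_size_checked(size_t nbytes, size_t *out)
{
    if (nbytes > SIZE_MAX - HDR_SIZE - (UNIT - 1))
        return -1;
    *out = (nbytes + HDR_SIZE + (UNIT - 1)) & ~(size_t)(UNIT - 1);
    return 0;
}

/* Decode a definite-form BER/DER length field and bound it by the bytes
 * remaining in the input, so a crafted length never reaches the allocator.
 * Returns the octets consumed, or 0 on malformed or oversized input. */
size_t ber_read_length(const uint8_t *p, size_t avail, size_t *len)
{
    if (avail == 0)
        return 0;
    if (p[0] < 0x80) {                 /* short form: length in one octet */
        *len = p[0];
        return (*len <= avail - 1) ? 1 : 0;
    }
    size_t n = p[0] & 0x7f, v = 0;     /* long form: n length octets follow */
    if (n == 0 || n > sizeof(size_t) || n > avail - 1)
        return 0;                      /* indefinite, too wide, or truncated */
    for (size_t i = 1; i <= n; i++)
        v = (v << 8) | p[i];
    if (v > avail - 1 - n)
        return 0;                      /* claims more content than exists */
    *len = v;
    return 1 + n;
}
```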

Affected Products

No products have been confirmed as affected.

Products Not Affected

As Mitel does not use the Objective Systems ASN1C compiler for C/C++, no Enterprise products are affected.

Risk Assessment

CVE-2016-5080 has been assigned a CVSS v2 Base Score of 9.8.

Mitigation / Recommended Action

No action is currently required.

External References

Related CVEs / CWEs / Advisories