Vulnerabilities (CVE)

Filtered by vendor Gnu Subscribe
Filtered by product Libtasn1
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-6891 3 Apache, Debian, Gnu 3 Bookkeeper, Debian Linux, Libtasn1 2024-11-21 6.8 MEDIUM 8.8 HIGH
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.
CVE-2017-10790 1 Gnu 1 Libtasn1 2024-11-21 5.0 MEDIUM 7.5 HIGH
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.
CVE-2016-4008 4 Canonical, Fedoraproject, Gnu and 1 more 4 Ubuntu Linux, Fedora, Libtasn1 and 1 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
CVE-2015-3622 3 Fedoraproject, Gnu, Opensuse 3 Fedora, Libtasn1, Opensuse 2024-11-21 4.3 MEDIUM N/A
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
CVE-2015-2806 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-11-21 10.0 HIGH N/A
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2014-3469 4 Debian, Gnu, Redhat and 1 more 14 Debian Linux, Gnutls, Libtasn1 and 11 more 2024-11-21 5.0 MEDIUM N/A
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
CVE-2014-3468 5 Debian, F5, Gnu and 2 more 16 Debian Linux, Arx, Arx Firmware and 13 more 2024-11-21 7.5 HIGH N/A
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
CVE-2014-3467 5 Debian, F5, Gnu and 2 more 16 Debian Linux, Arx, Arx Firmware and 13 more 2024-11-21 5.0 MEDIUM N/A
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
CVE-2012-1569 1 Gnu 2 Gnutls, Libtasn1 2024-11-21 5.0 MEDIUM N/A
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
CVE-2021-46848 3 Debian, Fedoraproject, Gnu 3 Debian Linux, Fedora, Libtasn1 2024-02-28 N/A 9.1 CRITICAL
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
CVE-2018-1000654 1 Gnu 1 Libtasn1 2024-02-28 7.1 HIGH 5.5 MEDIUM
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.
CVE-2018-6003 3 Debian, Fedoraproject, Gnu 3 Debian Linux, Fedora, Libtasn1 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.