Search criteria
36 vulnerabilities found for libtasn1 by gnu
FKIE_CVE-2021-46848
Vulnerability from fkie_nvd - Published: 2022-10-24 14:15 - Updated: 2025-05-07 15:15
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | libtasn1 | * | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C88A34-A1CD-4DE5-84A3-90C4A3D8B8C0",
"versionEndExcluding": "4.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der."
},
{
"lang": "es",
"value": "GNU Libtasn1 versiones anteriores a 4.19.0, presenta una comprobaci\u00f3n de tama\u00f1o de matriz ETYPE_OK fuera de lugar que afecta a la funci\u00f3n asn1_encode_simple_der"
}
],
"id": "CVE-2021-46848",
"lastModified": "2025-05-07T15:15:52.307",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-10-24T14:15:49.973",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.gentoo.org/866237"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.com/gnutls/libtasn1/-/issues/32"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGO7XST4EIJGX4B2ITZCYSWM24534BSU/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V5LWOGF7QRMNFRUCZY6TDYQJVFI6MOQ2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221118-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.gentoo.org/866237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.com/gnutls/libtasn1/-/issues/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGO7XST4EIJGX4B2ITZCYSWM24534BSU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V5LWOGF7QRMNFRUCZY6TDYQJVFI6MOQ2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221118-0006/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-193"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-193"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2018-1000654
Vulnerability from fkie_nvd - Published: 2018-08-20 19:31 - Updated: 2024-11-21 03:40
Severity ?
Summary
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libtasn1:4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B0DFAFB0-18FA-48C9-A7D0-8AE3DC3B3F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:libtasn1:4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "E261FB67-8C77-4789-B340-C1DF940ADDAD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file."
},
{
"lang": "es",
"value": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contiene una denegaci\u00f3n de servicio (DoS). De manera espec\u00edfica, el uso de recursos de CPU llega al 100% cuando se ejecuta asn1Paser contra el POC debido a que existe un problema en _asn1_expand_object_id(p_tree) en el que, despu\u00e9s de un per\u00edodo largo de tiempo, el programa se bloquea y se cierra. Este ataque parece ser explotable mediante el an\u00e1lisis sint\u00e1ctico de un archivo manipulado."
}
],
"id": "CVE-2018-1000654",
"lastModified": "2024-11-21T03:40:20.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-20T19:31:44.870",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105151"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.com/gnutls/libtasn1/issues/4"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.com/gnutls/libtasn1/issues/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-6003
Vulnerability from fkie_nvd - Published: 2018-01-22 20:29 - Updated: 2024-11-21 04:09
Severity ?
Summary
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | libtasn1 | * | |
| debian | debian_linux | 9.0 | |
| fedoraproject | fedora | 26 | |
| fedoraproject | fedora | 27 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "536BB341-F6FC-4417-AC6F-136EC90AADD0",
"versionEndIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*",
"matchCriteriaId": "6E4D8269-B407-4C24-AAB0-02F885C7D752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*",
"matchCriteriaId": "DBEACBFF-6D05-4B69-BF7A-F7E539D9BF6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en la funci\u00f3n _asn1_decode_simple_ber en decoding.c en GNU Libtasn1, en versiones anteriores a la 4.13. La recursi\u00f3n no limitada en el descodificador BER conduce al agotamiento de la pila y a DoS."
}
],
"id": "CVE-2018-6003",
"lastModified": "2024-11-21T04:09:51.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-22T20:29:00.493",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535926"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1076832"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1076832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4106"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-10790
Vulnerability from fkie_nvd - Published: 2017-07-02 03:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "536BB341-F6FC-4417-AC6F-136EC90AADD0",
"versionEndIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack."
},
{
"lang": "es",
"value": "La funci\u00f3n _asn1_check_identifier en GNU Libtasn1 hasta la versi\u00f3n 4.12 provoca una desreferencia de puntero NULL y un cierre inesperado cuando se leen entradas manipuladas que desencadenan la asignaci\u00f3n de un valor NULL en una estructura asn1_node. Esto puede dar lugar a un ataque remoto de denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2017-10790",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-02T03:29:00.183",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464141"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00026.html"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201710-11"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3547-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2018/dsa-4106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201710-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3547-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2018/dsa-4106"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-6891
Vulnerability from fkie_nvd - Published: 2017-05-22 19:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | libtasn1 | 4.10 | |
| debian | debian_linux | 8.0 | |
| apache | bookkeeper | 4.12.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libtasn1:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "17277D17-DF6A-4594-B9FA-8D91EFF3ADBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:bookkeeper:4.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB293558-0DB0-4EEB-A91C-7B00A9FA634E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility."
},
{
"lang": "es",
"value": "Se pueden explotar dos errores en la funci\u00f3n \\\"asn1_find_node()\\\" (lib/parser_aux.c) en GnuTLS libtasn1 versi\u00f3n 4.10 para provocar un desbordamiento de b\u00fafer basado en pila enga\u00f1ando a un usuario para que procese un archivo de asignaciones especialmente manipulado mediante la utilidad de ejemplo asn1Coding."
}
],
"id": "CVE-2017-6891",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-22T19:29:00.250",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=5520704d075802df25ce4ffccc010ba1641bd484"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3861"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98641"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038619"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Permissions Required"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76125/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201710-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=5520704d075802df25ce4ffccc010ba1641bd484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3861"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76125/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201710-11"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-4008
Vulnerability from fkie_nvd - Published: 2016-05-05 18:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.10 | |
| canonical | ubuntu_linux | 16.04 | |
| opensuse | opensuse | 13.2 | |
| gnu | libtasn1 | * | |
| fedoraproject | fedora | 22 | |
| fedoraproject | fedora | 23 | |
| fedoraproject | fedora | 24 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7838BCC2-1E49-4595-B3FE-17A4EFF4A1CD",
"versionEndIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
"matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate."
},
{
"lang": "es",
"value": "La funci\u00f3n _asn1_extract_der_octet en lib/decoding.c en GNU Libtasn1 en versiones anteriores a 4.8, cuando se utiliza sin el indicador ASN1_DECODE_FLAG_STRICT_DER, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (recursi\u00f3n infinita) a trav\u00e9s de un certificado manipulado."
}
],
"id": "CVE-2016-4008",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-05T18:59:10.380",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625"
},
{
"source": "cve@mitre.org",
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=f435825c0f527a8e52e6ffbc3ad0bc60531d537e"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3568"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2016/04/11/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2957-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2957-2"
},
{
"source": "cve@mitre.org",
"url": "https://lists.gnu.org/archive/html/help-libtasn1/2016-04/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201703-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=f435825c0f527a8e52e6ffbc3ad0bc60531d537e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/04/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2957-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2957-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.gnu.org/archive/html/help-libtasn1/2016-04/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201703-05"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-3622
Vulnerability from fkie_nvd - Published: 2015-05-12 19:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C544A56-1034-42CC-B8B6-33F549C9CCB8",
"versionEndIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate."
},
{
"lang": "es",
"value": "La funci\u00f3n _asn1_extract_der_octet en lib/decoding.c en GNU Libtasn1 anterior a 4.5 permite a atacantes remotos causar una denegaci\u00f3n de servicio (lectura de memoria din\u00e1mica fuera de rango) a trav\u00e9s de un certificado manipulado."
}
],
"id": "CVE-2015-3622",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-12T19:59:24.043",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158225.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00014.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/131711/libtasn1-Heap-Overflow.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/109"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3256"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:232"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74419"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1032246"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2604-1"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:1860"
},
{
"source": "cve@mitre.org",
"url": "https://lists.gnu.org/archive/html/help-libtasn1/2015-04/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201509-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158225.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/131711/libtasn1-Heap-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2604-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:1860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.gnu.org/archive/html/help-libtasn1/2015-04/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201509-04"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-2806
Vulnerability from fkie_nvd - Published: 2015-04-10 15:00 - Updated: 2025-04-12 10:46
Severity ?
Summary
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 14.10 | |
| debian | debian_linux | 7.0 | |
| fedoraproject | fedora | 20 | |
| fedoraproject | fedora | 21 | |
| fedoraproject | fedora | 22 | |
| gnu | libtasn1 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B398E2-A069-4A84-A6AA-CB7F6FB9EF7A",
"versionEndIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en pila en asn1_der_decoding en libtasn1 anterior a 4.4 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2015-2806",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-10T15:00:05.960",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=4d4f992826a4962790ecd0cce6fbba4a415ce149"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154741.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154805.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155117.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155270.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155435.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155483.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3220"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:193"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/29/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/31/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/73436"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032080"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2559-1"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:1860"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201509-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=4d4f992826a4962790ecd0cce6fbba4a415ce149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154741.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154805.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155117.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155270.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155435.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155483.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/29/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/31/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/73436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2559-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:1860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201509-04"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3468
Vulnerability from fkie_nvd - Published: 2014-06-05 20:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77216B5D-E820-4137-B00F-0B66CD08EEE1",
"versionEndExcluding": "3.5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2350B15F-7A7A-4BCD-852D-F9999C61DEDF",
"versionEndExcluding": "3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37BA55FC-D350-4DEB-9802-40AF59C99E79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "569964DA-31BE-4520-A66D-C3B09D557AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "835AE071-CEAE-49E5-8F0C-E5F50FB85EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A3A907A3-2A3A-46D4-8D75-914649877B65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*",
"matchCriteriaId": "67960FB9-13D1-4DEE-8158-31BF31BCBE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
"matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*",
"matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
"matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:f5:arx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48A2FBA9-207F-4F16-932D-BF0BA3440503",
"versionEndIncluding": "6.4.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:f5:arx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6AC80F-9D91-468D-BEE3-6A0759723673",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data."
},
{
"lang": "es",
"value": "La funci\u00f3n asn1_get_bit_der en GNU Libtasn1 anterior a 3.6 no informa debidamente de un error cuando una longitud de bit negativa est\u00e1 identificada, lo que permite a atacantes dependientes de contexto causar acceso fuera de rango a trav\u00e9s de datos ASN.1 manipulados."
}
],
"id": "CVE-2014-3468",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-05T20:55:06.283",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2014-0247.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/58591"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/58614"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/59021"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/59057"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/59408"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60320"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60415"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61888"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-3056"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015302"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015303"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2014-0247.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/58591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/58614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/59021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/59057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/59408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-3056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-131"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3467
Vulnerability from fkie_nvd - Published: 2014-06-05 20:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77216B5D-E820-4137-B00F-0B66CD08EEE1",
"versionEndExcluding": "3.5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2350B15F-7A7A-4BCD-852D-F9999C61DEDF",
"versionEndExcluding": "3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37BA55FC-D350-4DEB-9802-40AF59C99E79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "569964DA-31BE-4520-A66D-C3B09D557AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "835AE071-CEAE-49E5-8F0C-E5F50FB85EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A3A907A3-2A3A-46D4-8D75-914649877B65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*",
"matchCriteriaId": "67960FB9-13D1-4DEE-8158-31BF31BCBE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
"matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*",
"matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
"matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:f5:arx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48A2FBA9-207F-4F16-932D-BF0BA3440503",
"versionEndIncluding": "6.4.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:f5:arx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6AC80F-9D91-468D-BEE3-6A0759723673",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en el decodificador DER en GNU Libtasn1 en versiones anteriores a 3.6, como se utiliza en GnuTLS, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de un archivo ASN.1 manipulado."
}
],
"id": "CVE-2014-3467",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-05T20:55:06.033",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2014-0247.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/58591"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/58614"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/59021"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/59057"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/59408"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60320"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60415"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61888"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-3056"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015302"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015303"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2014-0247.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/58591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/58614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/59021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/59057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/59408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-3056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3469
Vulnerability from fkie_nvd - Published: 2014-06-05 20:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77216B5D-E820-4137-B00F-0B66CD08EEE1",
"versionEndExcluding": "3.5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:libtasn1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2350B15F-7A7A-4BCD-852D-F9999C61DEDF",
"versionEndExcluding": "3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37BA55FC-D350-4DEB-9802-40AF59C99E79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "569964DA-31BE-4520-A66D-C3B09D557AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "835AE071-CEAE-49E5-8F0C-E5F50FB85EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A3A907A3-2A3A-46D4-8D75-914649877B65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*",
"matchCriteriaId": "67960FB9-13D1-4DEE-8158-31BF31BCBE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
"matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*",
"matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
"matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument."
},
{
"lang": "es",
"value": "Las funciones (1) asn1_read_value_type y (2) asn1_read_value en GNU Libtasn1 anterior a 3.6 permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (referencia de puntero nulo y ca\u00edda) a trav\u00e9s de un valor nulo en un argumento ivalue."
}
],
"id": "CVE-2014-3469",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-05T20:55:06.347",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2014-0247.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/58591"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/58614"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/59021"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/59057"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/59408"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60320"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60415"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61888"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-3056"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015302"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015303"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2014-0247.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/58591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/58614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/59021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/59057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/59408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/61888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-3056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102329"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-46848 (GCVE-0-2021-46848)
Vulnerability from cvelistv5 – Published: 2022-10-24 00:00 – Updated: 2025-05-07 14:32
VLAI?
Summary
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
Severity ?
9.1 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/gnutls/libtasn1/-/issues/32"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.gentoo.org/866237"
},
{
"name": "FEDORA-2022-061f857481",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGO7XST4EIJGX4B2ITZCYSWM24534BSU/"
},
{
"name": "FEDORA-2022-3c933ffaca",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ/"
},
{
"name": "FEDORA-2022-19056934a7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V5LWOGF7QRMNFRUCZY6TDYQJVFI6MOQ2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221118-0006/"
},
{
"name": "FEDORA-2022-3f9ee1ad91",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/"
},
{
"name": "[debian-lts-announce] 20230109 [SECURITY] [DLA 3263-1] libtasn1-6 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-46848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T14:30:56.235688Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T14:32:10.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-09T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5"
},
{
"url": "https://gitlab.com/gnutls/libtasn1/-/issues/32"
},
{
"url": "https://bugs.gentoo.org/866237"
},
{
"name": "FEDORA-2022-061f857481",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGO7XST4EIJGX4B2ITZCYSWM24534BSU/"
},
{
"name": "FEDORA-2022-3c933ffaca",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ/"
},
{
"name": "FEDORA-2022-19056934a7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V5LWOGF7QRMNFRUCZY6TDYQJVFI6MOQ2/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221118-0006/"
},
{
"name": "FEDORA-2022-3f9ee1ad91",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/"
},
{
"name": "[debian-lts-announce] 20230109 [SECURITY] [DLA 3263-1] libtasn1-6 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46848",
"datePublished": "2022-10-24T00:00:00.000Z",
"dateReserved": "2022-10-24T00:00:00.000Z",
"dateUpdated": "2025-05-07T14:32:10.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000654 (GCVE-0-2018-1000654)
Vulnerability from cvelistv5 – Published: 2018-08-20 19:00 – Updated: 2024-08-05 12:40
VLAI?
Summary
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gnutls/libtasn1/issues/4"
},
{
"name": "105151",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105151"
},
{
"name": "openSUSE-SU-2019:1498",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html"
},
{
"name": "openSUSE-SU-2019:1510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-08-19T00:00:00",
"datePublic": "2018-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-25T16:06:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gnutls/libtasn1/issues/4"
},
{
"name": "105151",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105151"
},
{
"name": "openSUSE-SU-2019:1498",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html"
},
{
"name": "openSUSE-SU-2019:1510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-08-19T17:09:33.126155",
"DATE_REQUESTED": "2018-08-12T23:08:51",
"ID": "CVE-2018-1000654",
"REQUESTER": "situlingyun@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gnutls/libtasn1/issues/4",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gnutls/libtasn1/issues/4"
},
{
"name": "105151",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105151"
},
{
"name": "openSUSE-SU-2019:1498",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html"
},
{
"name": "openSUSE-SU-2019:1510",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000654",
"datePublished": "2018-08-20T19:00:00",
"dateReserved": "2018-08-12T00:00:00",
"dateUpdated": "2024-08-05T12:40:47.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6003 (GCVE-0-2018-6003)
Vulnerability from cvelistv5 – Published: 2018-01-22 20:00 – Updated: 2024-08-05 05:47
VLAI?
Summary
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:47:56.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1076832"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535926"
},
{
"name": "DSA-4106",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4106"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:08:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1076832"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535926"
},
{
"name": "DSA-4106",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4106"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1076832",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1076832"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1535926",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535926"
},
{
"name": "DSA-4106",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4106"
},
{
"name": "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97",
"refsource": "CONFIRM",
"url": "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6003",
"datePublished": "2018-01-22T20:00:00",
"dateReserved": "2018-01-22T00:00:00",
"dateUpdated": "2024-08-05T05:47:56.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10790 (GCVE-0-2017-10790)
Vulnerability from cvelistv5 – Published: 2017-07-02 03:00 – Updated: 2024-08-05 17:50
VLAI?
Summary
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201710-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-11"
},
{
"name": "USN-3547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3547-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464141"
},
{
"name": "DSA-4106",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4106"
},
{
"name": "[debian-lts-announce] 20200628 [SECURITY] [DLA 2255-1] libtasn1-6 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00026.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:08:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201710-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-11"
},
{
"name": "USN-3547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3547-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464141"
},
{
"name": "DSA-4106",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4106"
},
{
"name": "[debian-lts-announce] 20200628 [SECURITY] [DLA 2255-1] libtasn1-6 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00026.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201710-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-11"
},
{
"name": "USN-3547-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3547-1/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1464141",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464141"
},
{
"name": "DSA-4106",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4106"
},
{
"name": "[debian-lts-announce] 20200628 [SECURITY] [DLA 2255-1] libtasn1-6 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00026.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10790",
"datePublished": "2017-07-02T03:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6891 (GCVE-0-2017-6891)
Vulnerability from cvelistv5 – Published: 2017-05-22 19:00 – Updated: 2024-08-05 15:41
VLAI?
Summary
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.
Severity ?
No CVSS data available.
CWE
- Stack-based buffer overflow leading to system compromise
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Flexera Software LLC | GnuTLS libtasn1 |
Affected:
4.10. Other versions may also be affected.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201710-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-11"
},
{
"name": "DSA-3861",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3861"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76125/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=5520704d075802df25ce4ffccc010ba1641bd484"
},
{
"name": "98641",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98641"
},
{
"name": "1038619",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038619"
},
{
"name": "openSUSE-SU-2019:1510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GnuTLS libtasn1",
"vendor": "Flexera Software LLC",
"versions": [
{
"status": "affected",
"version": "4.10. Other versions may also be affected."
}
]
}
],
"datePublic": "2017-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack-based buffer overflow leading to system compromise",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:07:27",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "GLSA-201710-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-11"
},
{
"name": "DSA-3861",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3861"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76125/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=5520704d075802df25ce4ffccc010ba1641bd484"
},
{
"name": "98641",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98641"
},
{
"name": "1038619",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038619"
},
{
"name": "openSUSE-SU-2019:1510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2017-6891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GnuTLS libtasn1",
"version": {
"version_data": [
{
"version_value": "4.10. Other versions may also be affected."
}
]
}
}
]
},
"vendor_name": "Flexera Software LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based buffer overflow leading to system compromise"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201710-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-11"
},
{
"name": "DSA-3861",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3861"
},
{
"name": "https://secuniaresearch.flexerasoftware.com/advisories/76125/",
"refsource": "MISC",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76125/"
},
{
"name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/",
"refsource": "MISC",
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/"
},
{
"name": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484"
},
{
"name": "98641",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98641"
},
{
"name": "1038619",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038619"
},
{
"name": "openSUSE-SU-2019:1510",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2017-6891",
"datePublished": "2017-05-22T19:00:00",
"dateReserved": "2017-03-14T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4008 (GCVE-0-2016-4008)
Vulnerability from cvelistv5 – Published: 2016-05-05 18:00 – Updated: 2024-08-06 00:17
VLAI?
Summary
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:30.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201703-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201703-05"
},
{
"name": "FEDORA-2016-048ffb6235",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625"
},
{
"name": "USN-2957-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2957-2"
},
{
"name": "FEDORA-2016-383b8250e6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html"
},
{
"name": "openSUSE-SU-2016:1567",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html"
},
{
"name": "[help-libtasn1] 20160411 GNU Libtasn1 4.8 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/help-libtasn1/2016-04/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=f435825c0f527a8e52e6ffbc3ad0bc60531d537e"
},
{
"name": "DSA-3568",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3568"
},
{
"name": "openSUSE-SU-2016:1674",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html"
},
{
"name": "FEDORA-2016-96bfd9e873",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html"
},
{
"name": "USN-2957-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2957-1"
},
{
"name": "[oss-security] 20160411 Infinite loops parsing malicious DER certificates in libtasn1 4.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/11/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201703-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201703-05"
},
{
"name": "FEDORA-2016-048ffb6235",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625"
},
{
"name": "USN-2957-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2957-2"
},
{
"name": "FEDORA-2016-383b8250e6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html"
},
{
"name": "openSUSE-SU-2016:1567",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html"
},
{
"name": "[help-libtasn1] 20160411 GNU Libtasn1 4.8 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/help-libtasn1/2016-04/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=f435825c0f527a8e52e6ffbc3ad0bc60531d537e"
},
{
"name": "DSA-3568",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3568"
},
{
"name": "openSUSE-SU-2016:1674",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html"
},
{
"name": "FEDORA-2016-96bfd9e873",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html"
},
{
"name": "USN-2957-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2957-1"
},
{
"name": "[oss-security] 20160411 Infinite loops parsing malicious DER certificates in libtasn1 4.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/11/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201703-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201703-05"
},
{
"name": "FEDORA-2016-048ffb6235",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html"
},
{
"name": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625"
},
{
"name": "USN-2957-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2957-2"
},
{
"name": "FEDORA-2016-383b8250e6",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html"
},
{
"name": "openSUSE-SU-2016:1567",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html"
},
{
"name": "[help-libtasn1] 20160411 GNU Libtasn1 4.8 released",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/help-libtasn1/2016-04/msg00009.html"
},
{
"name": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=f435825c0f527a8e52e6ffbc3ad0bc60531d537e",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=f435825c0f527a8e52e6ffbc3ad0bc60531d537e"
},
{
"name": "DSA-3568",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3568"
},
{
"name": "openSUSE-SU-2016:1674",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html"
},
{
"name": "FEDORA-2016-96bfd9e873",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html"
},
{
"name": "USN-2957-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2957-1"
},
{
"name": "[oss-security] 20160411 Infinite loops parsing malicious DER certificates in libtasn1 4.7",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/11/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4008",
"datePublished": "2016-05-05T18:00:00",
"dateReserved": "2016-04-13T00:00:00",
"dateUpdated": "2024-08-06T00:17:30.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3622 (GCVE-0-2015-3622)
Vulnerability from cvelistv5 – Published: 2015-05-12 19:00 – Updated: 2024-08-06 05:47
VLAI?
Summary
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201509-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201509-04"
},
{
"name": "1032246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032246"
},
{
"name": "FEDORA-2015-7288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158225.html"
},
{
"name": "RHSA-2017:1860",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1860"
},
{
"name": "20150430 Heap overflow / invalid read in Libtasn1 before 4.5 (TFPA 005/2015)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/109"
},
{
"name": "DSA-3256",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3256"
},
{
"name": "[help-libtasn1] 20150429 GNU Libtasn1 4.5 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/help-libtasn1/2015-04/msg00000.html"
},
{
"name": "openSUSE-SU-2016:1567",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html"
},
{
"name": "MDVSA-2015:232",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:232"
},
{
"name": "openSUSE-SU-2015:1372",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00014.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131711/libtasn1-Heap-Overflow.html"
},
{
"name": "74419",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74419"
},
{
"name": "openSUSE-SU-2016:1674",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html"
},
{
"name": "USN-2604-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2604-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201509-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201509-04"
},
{
"name": "1032246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032246"
},
{
"name": "FEDORA-2015-7288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158225.html"
},
{
"name": "RHSA-2017:1860",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1860"
},
{
"name": "20150430 Heap overflow / invalid read in Libtasn1 before 4.5 (TFPA 005/2015)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/109"
},
{
"name": "DSA-3256",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3256"
},
{
"name": "[help-libtasn1] 20150429 GNU Libtasn1 4.5 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/help-libtasn1/2015-04/msg00000.html"
},
{
"name": "openSUSE-SU-2016:1567",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html"
},
{
"name": "MDVSA-2015:232",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:232"
},
{
"name": "openSUSE-SU-2015:1372",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00014.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131711/libtasn1-Heap-Overflow.html"
},
{
"name": "74419",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74419"
},
{
"name": "openSUSE-SU-2016:1674",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html"
},
{
"name": "USN-2604-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2604-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201509-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201509-04"
},
{
"name": "1032246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032246"
},
{
"name": "FEDORA-2015-7288",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158225.html"
},
{
"name": "RHSA-2017:1860",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1860"
},
{
"name": "20150430 Heap overflow / invalid read in Libtasn1 before 4.5 (TFPA 005/2015)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Apr/109"
},
{
"name": "DSA-3256",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3256"
},
{
"name": "[help-libtasn1] 20150429 GNU Libtasn1 4.5 released",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/help-libtasn1/2015-04/msg00000.html"
},
{
"name": "openSUSE-SU-2016:1567",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html"
},
{
"name": "MDVSA-2015:232",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:232"
},
{
"name": "openSUSE-SU-2015:1372",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00014.html"
},
{
"name": "http://packetstormsecurity.com/files/131711/libtasn1-Heap-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131711/libtasn1-Heap-Overflow.html"
},
{
"name": "74419",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74419"
},
{
"name": "openSUSE-SU-2016:1674",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html"
},
{
"name": "USN-2604-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2604-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3622",
"datePublished": "2015-05-12T19:00:00",
"dateReserved": "2015-04-30T00:00:00",
"dateUpdated": "2024-08-06T05:47:57.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2806 (GCVE-0-2015-2806)
Vulnerability from cvelistv5 – Published: 2015-04-10 14:00 – Updated: 2024-08-06 05:24
VLAI?
Summary
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:39.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2015:193",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:193"
},
{
"name": "GLSA-201509-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201509-04"
},
{
"name": "FEDORA-2015-5199",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155270.html"
},
{
"name": "USN-2559-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2559-1"
},
{
"name": "FEDORA-2015-5308",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155117.html"
},
{
"name": "FEDORA-2015-5390",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155435.html"
},
{
"name": "FEDORA-2015-5245",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155483.html"
},
{
"name": "[oss-security] 20150330 Re: Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/31/2"
},
{
"name": "1032080",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032080"
},
{
"name": "73436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73436"
},
{
"name": "RHSA-2017:1860",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1860"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "FEDORA-2015-5114",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154805.html"
},
{
"name": "DSA-3220",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3220"
},
{
"name": "FEDORA-2015-5182",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154741.html"
},
{
"name": "[oss-security] 20150329 Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/29/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=4d4f992826a4962790ecd0cce6fbba4a415ce149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2015:193",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:193"
},
{
"name": "GLSA-201509-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201509-04"
},
{
"name": "FEDORA-2015-5199",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155270.html"
},
{
"name": "USN-2559-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2559-1"
},
{
"name": "FEDORA-2015-5308",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155117.html"
},
{
"name": "FEDORA-2015-5390",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155435.html"
},
{
"name": "FEDORA-2015-5245",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155483.html"
},
{
"name": "[oss-security] 20150330 Re: Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/31/2"
},
{
"name": "1032080",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032080"
},
{
"name": "73436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73436"
},
{
"name": "RHSA-2017:1860",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1860"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "FEDORA-2015-5114",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154805.html"
},
{
"name": "DSA-3220",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3220"
},
{
"name": "FEDORA-2015-5182",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154741.html"
},
{
"name": "[oss-security] 20150329 Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/29/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=4d4f992826a4962790ecd0cce6fbba4a415ce149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2015:193",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:193"
},
{
"name": "GLSA-201509-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201509-04"
},
{
"name": "FEDORA-2015-5199",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155270.html"
},
{
"name": "USN-2559-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2559-1"
},
{
"name": "FEDORA-2015-5308",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155117.html"
},
{
"name": "FEDORA-2015-5390",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155435.html"
},
{
"name": "FEDORA-2015-5245",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155483.html"
},
{
"name": "[oss-security] 20150330 Re: Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/31/2"
},
{
"name": "1032080",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032080"
},
{
"name": "73436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73436"
},
{
"name": "RHSA-2017:1860",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1860"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "FEDORA-2015-5114",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154805.html"
},
{
"name": "DSA-3220",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3220"
},
{
"name": "FEDORA-2015-5182",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154741.html"
},
{
"name": "[oss-security] 20150329 Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/29/4"
},
{
"name": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2806",
"datePublished": "2015-04-10T14:00:00",
"dateReserved": "2015-03-30T00:00:00",
"dateUpdated": "2024-08-06T05:24:39.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3468 (GCVE-0-2014-3468)
Vulnerability from cvelistv5 – Published: 2014-06-05 20:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:06.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60320"
},
{
"name": "DSA-3056",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3056"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015302"
},
{
"name": "59057",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59057"
},
{
"name": "SUSE-SU-2014:0758",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
},
{
"name": "MDVSA-2015:116",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
},
{
"name": "59021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59021"
},
{
"name": "61888",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61888"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0247.html"
},
{
"name": "RHSA-2014:0815",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
},
{
"name": "RHSA-2014:0596",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
},
{
"name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015303"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323"
},
{
"name": "58591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58591"
},
{
"name": "RHSA-2014:0687",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
},
{
"name": "58614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58614"
},
{
"name": "SUSE-SU-2014:0788",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
},
{
"name": "RHSA-2014:0594",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
},
{
"name": "60415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60415"
},
{
"name": "59408",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-28T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "60320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60320"
},
{
"name": "DSA-3056",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3056"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015302"
},
{
"name": "59057",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59057"
},
{
"name": "SUSE-SU-2014:0758",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
},
{
"name": "MDVSA-2015:116",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
},
{
"name": "59021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59021"
},
{
"name": "61888",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61888"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0247.html"
},
{
"name": "RHSA-2014:0815",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
},
{
"name": "RHSA-2014:0596",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
},
{
"name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015303"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323"
},
{
"name": "58591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58591"
},
{
"name": "RHSA-2014:0687",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
},
{
"name": "58614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58614"
},
{
"name": "SUSE-SU-2014:0788",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
},
{
"name": "RHSA-2014:0594",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
},
{
"name": "60415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60415"
},
{
"name": "59408",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59408"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60320",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60320"
},
{
"name": "DSA-3056",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3056"
},
{
"name": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7015302",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7015302"
},
{
"name": "59057",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59057"
},
{
"name": "SUSE-SU-2014:0758",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-0596.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
},
{
"name": "MDVSA-2015:116",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
},
{
"name": "59021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59021"
},
{
"name": "61888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61888"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0247.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0247.html"
},
{
"name": "RHSA-2014:0815",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
},
{
"name": "RHSA-2014:0596",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
},
{
"name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7015303",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7015303"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-0594.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323"
},
{
"name": "58591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58591"
},
{
"name": "RHSA-2014:0687",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
},
{
"name": "58614",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58614"
},
{
"name": "SUSE-SU-2014:0788",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
},
{
"name": "RHSA-2014:0594",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
},
{
"name": "60415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60415"
},
{
"name": "59408",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59408"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3468",
"datePublished": "2014-06-05T20:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:43:06.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3467 (GCVE-0-2014-3467)
Vulnerability from cvelistv5 – Published: 2014-06-05 20:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:06.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60320"
},
{
"name": "DSA-3056",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3056"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015302"
},
{
"name": "59057",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59057"
},
{
"name": "SUSE-SU-2014:0758",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
},
{
"name": "MDVSA-2015:116",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
},
{
"name": "59021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59021"
},
{
"name": "61888",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61888"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0247.html"
},
{
"name": "RHSA-2014:0815",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
},
{
"name": "RHSA-2014:0596",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
},
{
"name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015303"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
},
{
"name": "58591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58591"
},
{
"name": "RHSA-2014:0687",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
},
{
"name": "58614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58614"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022"
},
{
"name": "SUSE-SU-2014:0788",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
},
{
"name": "RHSA-2014:0594",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
},
{
"name": "60415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60415"
},
{
"name": "59408",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-28T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "60320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60320"
},
{
"name": "DSA-3056",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3056"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015302"
},
{
"name": "59057",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59057"
},
{
"name": "SUSE-SU-2014:0758",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
},
{
"name": "MDVSA-2015:116",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
},
{
"name": "59021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59021"
},
{
"name": "61888",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61888"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0247.html"
},
{
"name": "RHSA-2014:0815",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
},
{
"name": "RHSA-2014:0596",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
},
{
"name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015303"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
},
{
"name": "58591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58591"
},
{
"name": "RHSA-2014:0687",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
},
{
"name": "58614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58614"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022"
},
{
"name": "SUSE-SU-2014:0788",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
},
{
"name": "RHSA-2014:0594",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
},
{
"name": "60415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60415"
},
{
"name": "59408",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59408"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60320",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60320"
},
{
"name": "DSA-3056",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3056"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7015302",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7015302"
},
{
"name": "59057",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59057"
},
{
"name": "SUSE-SU-2014:0758",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-0596.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
},
{
"name": "MDVSA-2015:116",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
},
{
"name": "59021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59021"
},
{
"name": "61888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61888"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0247.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0247.html"
},
{
"name": "RHSA-2014:0815",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
},
{
"name": "RHSA-2014:0596",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
},
{
"name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7015303",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7015303"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-0594.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
},
{
"name": "58591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58591"
},
{
"name": "RHSA-2014:0687",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
},
{
"name": "58614",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58614"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022"
},
{
"name": "SUSE-SU-2014:0788",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
},
{
"name": "RHSA-2014:0594",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
},
{
"name": "60415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60415"
},
{
"name": "59408",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59408"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3467",
"datePublished": "2014-06-05T20:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:43:06.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46848 (GCVE-0-2021-46848)
Vulnerability from nvd – Published: 2022-10-24 00:00 – Updated: 2025-05-07 14:32
VLAI?
Summary
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
Severity ?
9.1 (Critical)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/gnutls/libtasn1/-/issues/32"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.gentoo.org/866237"
},
{
"name": "FEDORA-2022-061f857481",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGO7XST4EIJGX4B2ITZCYSWM24534BSU/"
},
{
"name": "FEDORA-2022-3c933ffaca",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ/"
},
{
"name": "FEDORA-2022-19056934a7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V5LWOGF7QRMNFRUCZY6TDYQJVFI6MOQ2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221118-0006/"
},
{
"name": "FEDORA-2022-3f9ee1ad91",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/"
},
{
"name": "[debian-lts-announce] 20230109 [SECURITY] [DLA 3263-1] libtasn1-6 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-46848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T14:30:56.235688Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T14:32:10.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-09T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5"
},
{
"url": "https://gitlab.com/gnutls/libtasn1/-/issues/32"
},
{
"url": "https://bugs.gentoo.org/866237"
},
{
"name": "FEDORA-2022-061f857481",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGO7XST4EIJGX4B2ITZCYSWM24534BSU/"
},
{
"name": "FEDORA-2022-3c933ffaca",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ/"
},
{
"name": "FEDORA-2022-19056934a7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V5LWOGF7QRMNFRUCZY6TDYQJVFI6MOQ2/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221118-0006/"
},
{
"name": "FEDORA-2022-3f9ee1ad91",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/"
},
{
"name": "[debian-lts-announce] 20230109 [SECURITY] [DLA 3263-1] libtasn1-6 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46848",
"datePublished": "2022-10-24T00:00:00.000Z",
"dateReserved": "2022-10-24T00:00:00.000Z",
"dateUpdated": "2025-05-07T14:32:10.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000654 (GCVE-0-2018-1000654)
Vulnerability from nvd – Published: 2018-08-20 19:00 – Updated: 2024-08-05 12:40
VLAI?
Summary
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gnutls/libtasn1/issues/4"
},
{
"name": "105151",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105151"
},
{
"name": "openSUSE-SU-2019:1498",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html"
},
{
"name": "openSUSE-SU-2019:1510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-08-19T00:00:00",
"datePublic": "2018-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-25T16:06:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gnutls/libtasn1/issues/4"
},
{
"name": "105151",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105151"
},
{
"name": "openSUSE-SU-2019:1498",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html"
},
{
"name": "openSUSE-SU-2019:1510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-08-19T17:09:33.126155",
"DATE_REQUESTED": "2018-08-12T23:08:51",
"ID": "CVE-2018-1000654",
"REQUESTER": "situlingyun@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gnutls/libtasn1/issues/4",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gnutls/libtasn1/issues/4"
},
{
"name": "105151",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105151"
},
{
"name": "openSUSE-SU-2019:1498",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html"
},
{
"name": "openSUSE-SU-2019:1510",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000654",
"datePublished": "2018-08-20T19:00:00",
"dateReserved": "2018-08-12T00:00:00",
"dateUpdated": "2024-08-05T12:40:47.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6003 (GCVE-0-2018-6003)
Vulnerability from nvd – Published: 2018-01-22 20:00 – Updated: 2024-08-05 05:47
VLAI?
Summary
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:47:56.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1076832"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535926"
},
{
"name": "DSA-4106",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4106"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:08:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1076832"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535926"
},
{
"name": "DSA-4106",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4106"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1076832",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1076832"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1535926",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535926"
},
{
"name": "DSA-4106",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4106"
},
{
"name": "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97",
"refsource": "CONFIRM",
"url": "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6003",
"datePublished": "2018-01-22T20:00:00",
"dateReserved": "2018-01-22T00:00:00",
"dateUpdated": "2024-08-05T05:47:56.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10790 (GCVE-0-2017-10790)
Vulnerability from nvd – Published: 2017-07-02 03:00 – Updated: 2024-08-05 17:50
VLAI?
Summary
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201710-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-11"
},
{
"name": "USN-3547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3547-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464141"
},
{
"name": "DSA-4106",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4106"
},
{
"name": "[debian-lts-announce] 20200628 [SECURITY] [DLA 2255-1] libtasn1-6 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00026.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:08:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201710-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-11"
},
{
"name": "USN-3547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3547-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464141"
},
{
"name": "DSA-4106",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4106"
},
{
"name": "[debian-lts-announce] 20200628 [SECURITY] [DLA 2255-1] libtasn1-6 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00026.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201710-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-11"
},
{
"name": "USN-3547-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3547-1/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1464141",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464141"
},
{
"name": "DSA-4106",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4106"
},
{
"name": "[debian-lts-announce] 20200628 [SECURITY] [DLA 2255-1] libtasn1-6 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00026.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10790",
"datePublished": "2017-07-02T03:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6891 (GCVE-0-2017-6891)
Vulnerability from nvd – Published: 2017-05-22 19:00 – Updated: 2024-08-05 15:41
VLAI?
Summary
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.
Severity ?
No CVSS data available.
CWE
- Stack-based buffer overflow leading to system compromise
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Flexera Software LLC | GnuTLS libtasn1 |
Affected:
4.10. Other versions may also be affected.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201710-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-11"
},
{
"name": "DSA-3861",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3861"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76125/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=5520704d075802df25ce4ffccc010ba1641bd484"
},
{
"name": "98641",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98641"
},
{
"name": "1038619",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038619"
},
{
"name": "openSUSE-SU-2019:1510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GnuTLS libtasn1",
"vendor": "Flexera Software LLC",
"versions": [
{
"status": "affected",
"version": "4.10. Other versions may also be affected."
}
]
}
],
"datePublic": "2017-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack-based buffer overflow leading to system compromise",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:07:27",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "GLSA-201710-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-11"
},
{
"name": "DSA-3861",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3861"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76125/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=5520704d075802df25ce4ffccc010ba1641bd484"
},
{
"name": "98641",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98641"
},
{
"name": "1038619",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038619"
},
{
"name": "openSUSE-SU-2019:1510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2017-6891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GnuTLS libtasn1",
"version": {
"version_data": [
{
"version_value": "4.10. Other versions may also be affected."
}
]
}
}
]
},
"vendor_name": "Flexera Software LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based buffer overflow leading to system compromise"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201710-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-11"
},
{
"name": "DSA-3861",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3861"
},
{
"name": "https://secuniaresearch.flexerasoftware.com/advisories/76125/",
"refsource": "MISC",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76125/"
},
{
"name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/",
"refsource": "MISC",
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/"
},
{
"name": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484"
},
{
"name": "98641",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98641"
},
{
"name": "1038619",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038619"
},
{
"name": "openSUSE-SU-2019:1510",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2017-6891",
"datePublished": "2017-05-22T19:00:00",
"dateReserved": "2017-03-14T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4008 (GCVE-0-2016-4008)
Vulnerability from nvd – Published: 2016-05-05 18:00 – Updated: 2024-08-06 00:17
VLAI?
Summary
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:30.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201703-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201703-05"
},
{
"name": "FEDORA-2016-048ffb6235",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625"
},
{
"name": "USN-2957-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2957-2"
},
{
"name": "FEDORA-2016-383b8250e6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html"
},
{
"name": "openSUSE-SU-2016:1567",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html"
},
{
"name": "[help-libtasn1] 20160411 GNU Libtasn1 4.8 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/help-libtasn1/2016-04/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=f435825c0f527a8e52e6ffbc3ad0bc60531d537e"
},
{
"name": "DSA-3568",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3568"
},
{
"name": "openSUSE-SU-2016:1674",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html"
},
{
"name": "FEDORA-2016-96bfd9e873",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html"
},
{
"name": "USN-2957-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2957-1"
},
{
"name": "[oss-security] 20160411 Infinite loops parsing malicious DER certificates in libtasn1 4.7",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/11/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201703-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201703-05"
},
{
"name": "FEDORA-2016-048ffb6235",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625"
},
{
"name": "USN-2957-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2957-2"
},
{
"name": "FEDORA-2016-383b8250e6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html"
},
{
"name": "openSUSE-SU-2016:1567",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html"
},
{
"name": "[help-libtasn1] 20160411 GNU Libtasn1 4.8 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/help-libtasn1/2016-04/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=f435825c0f527a8e52e6ffbc3ad0bc60531d537e"
},
{
"name": "DSA-3568",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3568"
},
{
"name": "openSUSE-SU-2016:1674",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html"
},
{
"name": "FEDORA-2016-96bfd9e873",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html"
},
{
"name": "USN-2957-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2957-1"
},
{
"name": "[oss-security] 20160411 Infinite loops parsing malicious DER certificates in libtasn1 4.7",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/11/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201703-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201703-05"
},
{
"name": "FEDORA-2016-048ffb6235",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html"
},
{
"name": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625"
},
{
"name": "USN-2957-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2957-2"
},
{
"name": "FEDORA-2016-383b8250e6",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html"
},
{
"name": "openSUSE-SU-2016:1567",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html"
},
{
"name": "[help-libtasn1] 20160411 GNU Libtasn1 4.8 released",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/help-libtasn1/2016-04/msg00009.html"
},
{
"name": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=f435825c0f527a8e52e6ffbc3ad0bc60531d537e",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=f435825c0f527a8e52e6ffbc3ad0bc60531d537e"
},
{
"name": "DSA-3568",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3568"
},
{
"name": "openSUSE-SU-2016:1674",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html"
},
{
"name": "FEDORA-2016-96bfd9e873",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html"
},
{
"name": "USN-2957-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2957-1"
},
{
"name": "[oss-security] 20160411 Infinite loops parsing malicious DER certificates in libtasn1 4.7",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/11/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4008",
"datePublished": "2016-05-05T18:00:00",
"dateReserved": "2016-04-13T00:00:00",
"dateUpdated": "2024-08-06T00:17:30.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3622 (GCVE-0-2015-3622)
Vulnerability from nvd – Published: 2015-05-12 19:00 – Updated: 2024-08-06 05:47
VLAI?
Summary
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201509-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201509-04"
},
{
"name": "1032246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032246"
},
{
"name": "FEDORA-2015-7288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158225.html"
},
{
"name": "RHSA-2017:1860",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1860"
},
{
"name": "20150430 Heap overflow / invalid read in Libtasn1 before 4.5 (TFPA 005/2015)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/109"
},
{
"name": "DSA-3256",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3256"
},
{
"name": "[help-libtasn1] 20150429 GNU Libtasn1 4.5 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/help-libtasn1/2015-04/msg00000.html"
},
{
"name": "openSUSE-SU-2016:1567",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html"
},
{
"name": "MDVSA-2015:232",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:232"
},
{
"name": "openSUSE-SU-2015:1372",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00014.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131711/libtasn1-Heap-Overflow.html"
},
{
"name": "74419",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74419"
},
{
"name": "openSUSE-SU-2016:1674",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html"
},
{
"name": "USN-2604-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2604-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201509-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201509-04"
},
{
"name": "1032246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032246"
},
{
"name": "FEDORA-2015-7288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158225.html"
},
{
"name": "RHSA-2017:1860",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1860"
},
{
"name": "20150430 Heap overflow / invalid read in Libtasn1 before 4.5 (TFPA 005/2015)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Apr/109"
},
{
"name": "DSA-3256",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3256"
},
{
"name": "[help-libtasn1] 20150429 GNU Libtasn1 4.5 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/help-libtasn1/2015-04/msg00000.html"
},
{
"name": "openSUSE-SU-2016:1567",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html"
},
{
"name": "MDVSA-2015:232",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:232"
},
{
"name": "openSUSE-SU-2015:1372",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00014.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131711/libtasn1-Heap-Overflow.html"
},
{
"name": "74419",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74419"
},
{
"name": "openSUSE-SU-2016:1674",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html"
},
{
"name": "USN-2604-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2604-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201509-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201509-04"
},
{
"name": "1032246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032246"
},
{
"name": "FEDORA-2015-7288",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158225.html"
},
{
"name": "RHSA-2017:1860",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1860"
},
{
"name": "20150430 Heap overflow / invalid read in Libtasn1 before 4.5 (TFPA 005/2015)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Apr/109"
},
{
"name": "DSA-3256",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3256"
},
{
"name": "[help-libtasn1] 20150429 GNU Libtasn1 4.5 released",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/help-libtasn1/2015-04/msg00000.html"
},
{
"name": "openSUSE-SU-2016:1567",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html"
},
{
"name": "MDVSA-2015:232",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:232"
},
{
"name": "openSUSE-SU-2015:1372",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00014.html"
},
{
"name": "http://packetstormsecurity.com/files/131711/libtasn1-Heap-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131711/libtasn1-Heap-Overflow.html"
},
{
"name": "74419",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74419"
},
{
"name": "openSUSE-SU-2016:1674",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html"
},
{
"name": "USN-2604-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2604-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3622",
"datePublished": "2015-05-12T19:00:00",
"dateReserved": "2015-04-30T00:00:00",
"dateUpdated": "2024-08-06T05:47:57.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2806 (GCVE-0-2015-2806)
Vulnerability from nvd – Published: 2015-04-10 14:00 – Updated: 2024-08-06 05:24
VLAI?
Summary
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:39.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2015:193",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:193"
},
{
"name": "GLSA-201509-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201509-04"
},
{
"name": "FEDORA-2015-5199",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155270.html"
},
{
"name": "USN-2559-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2559-1"
},
{
"name": "FEDORA-2015-5308",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155117.html"
},
{
"name": "FEDORA-2015-5390",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155435.html"
},
{
"name": "FEDORA-2015-5245",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155483.html"
},
{
"name": "[oss-security] 20150330 Re: Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/31/2"
},
{
"name": "1032080",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032080"
},
{
"name": "73436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73436"
},
{
"name": "RHSA-2017:1860",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1860"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "FEDORA-2015-5114",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154805.html"
},
{
"name": "DSA-3220",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3220"
},
{
"name": "FEDORA-2015-5182",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154741.html"
},
{
"name": "[oss-security] 20150329 Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/29/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=4d4f992826a4962790ecd0cce6fbba4a415ce149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2015:193",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:193"
},
{
"name": "GLSA-201509-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201509-04"
},
{
"name": "FEDORA-2015-5199",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155270.html"
},
{
"name": "USN-2559-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2559-1"
},
{
"name": "FEDORA-2015-5308",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155117.html"
},
{
"name": "FEDORA-2015-5390",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155435.html"
},
{
"name": "FEDORA-2015-5245",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155483.html"
},
{
"name": "[oss-security] 20150330 Re: Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/31/2"
},
{
"name": "1032080",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032080"
},
{
"name": "73436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73436"
},
{
"name": "RHSA-2017:1860",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1860"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "FEDORA-2015-5114",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154805.html"
},
{
"name": "DSA-3220",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3220"
},
{
"name": "FEDORA-2015-5182",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154741.html"
},
{
"name": "[oss-security] 20150329 Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/29/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=4d4f992826a4962790ecd0cce6fbba4a415ce149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2015:193",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:193"
},
{
"name": "GLSA-201509-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201509-04"
},
{
"name": "FEDORA-2015-5199",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155270.html"
},
{
"name": "USN-2559-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2559-1"
},
{
"name": "FEDORA-2015-5308",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155117.html"
},
{
"name": "FEDORA-2015-5390",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155435.html"
},
{
"name": "FEDORA-2015-5245",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155483.html"
},
{
"name": "[oss-security] 20150330 Re: Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/31/2"
},
{
"name": "1032080",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032080"
},
{
"name": "73436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73436"
},
{
"name": "RHSA-2017:1860",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1860"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "FEDORA-2015-5114",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154805.html"
},
{
"name": "DSA-3220",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3220"
},
{
"name": "FEDORA-2015-5182",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154741.html"
},
{
"name": "[oss-security] 20150329 Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/29/4"
},
{
"name": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2806",
"datePublished": "2015-04-10T14:00:00",
"dateReserved": "2015-03-30T00:00:00",
"dateUpdated": "2024-08-06T05:24:39.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3468 (GCVE-0-2014-3468)
Vulnerability from nvd – Published: 2014-06-05 20:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:06.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60320"
},
{
"name": "DSA-3056",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3056"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015302"
},
{
"name": "59057",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59057"
},
{
"name": "SUSE-SU-2014:0758",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
},
{
"name": "MDVSA-2015:116",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
},
{
"name": "59021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59021"
},
{
"name": "61888",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61888"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0247.html"
},
{
"name": "RHSA-2014:0815",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
},
{
"name": "RHSA-2014:0596",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
},
{
"name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015303"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323"
},
{
"name": "58591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58591"
},
{
"name": "RHSA-2014:0687",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
},
{
"name": "58614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58614"
},
{
"name": "SUSE-SU-2014:0788",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
},
{
"name": "RHSA-2014:0594",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
},
{
"name": "60415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60415"
},
{
"name": "59408",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-28T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "60320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60320"
},
{
"name": "DSA-3056",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3056"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015302"
},
{
"name": "59057",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59057"
},
{
"name": "SUSE-SU-2014:0758",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
},
{
"name": "MDVSA-2015:116",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
},
{
"name": "59021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59021"
},
{
"name": "61888",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61888"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0247.html"
},
{
"name": "RHSA-2014:0815",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
},
{
"name": "RHSA-2014:0596",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
},
{
"name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7015303"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323"
},
{
"name": "58591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58591"
},
{
"name": "RHSA-2014:0687",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
},
{
"name": "58614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58614"
},
{
"name": "SUSE-SU-2014:0788",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
},
{
"name": "RHSA-2014:0594",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
},
{
"name": "60415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60415"
},
{
"name": "59408",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59408"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60320",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60320"
},
{
"name": "DSA-3056",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3056"
},
{
"name": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=1c3ccb3e040bf13e342ee60bc23b21b97b11923f"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7015302",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7015302"
},
{
"name": "59057",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59057"
},
{
"name": "SUSE-SU-2014:0758",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-0596.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-0596.html"
},
{
"name": "MDVSA-2015:116",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116"
},
{
"name": "59021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59021"
},
{
"name": "61888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61888"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0247.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0247.html"
},
{
"name": "RHSA-2014:0815",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html"
},
{
"name": "RHSA-2014:0596",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html"
},
{
"name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7015303",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7015303"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-0594.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-0594.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102323"
},
{
"name": "58591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58591"
},
{
"name": "RHSA-2014:0687",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html"
},
{
"name": "58614",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58614"
},
{
"name": "SUSE-SU-2014:0788",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html"
},
{
"name": "RHSA-2014:0594",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html"
},
{
"name": "60415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60415"
},
{
"name": "59408",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59408"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3468",
"datePublished": "2014-06-05T20:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:43:06.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}