Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2017:1860
HistoryAug 24, 2017 - 1:39 a.m.

libtasn1 security update

2017-08-2401:39:20
CentOS Project
lists.centos.org
105

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.924 High

EPSS

Percentile

99.0%

JSON

CentOS Errata and Security Advisory CESA-2017:1860

Libtasn1 is a library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions.

The following packages have been upgraded to a later upstream version: libtasn1 (4.10). (BZ#1360639)

Security Fix(es):

  • A heap-based buffer overflow flaw was found in the way the libtasn1 library decoded certain DER-encoded inputs. A specially crafted DER-encoded input could cause an application using libtasn1 to perform an invalid read, causing the application to crash. (CVE-2015-3622)

  • A stack-based buffer overflow was found in the way libtasn1 decoded certain DER encoded data. An attacker could use this flaw to crash an application using the libtasn1 library. (CVE-2015-2806)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2017-August/030592.html

Affected packages:
libtasn1
libtasn1-devel
libtasn1-tools

Upstream details at:
https://access.redhat.com/errata/RHSA-2017:1860

Related

openvas 30
redhat 1
nessus 34
gentoo 1
oraclelinux 1
ibm 6
debiancve 2
securityvulns 4
fedora 9
veracode 4
cvelist 2
debian 5
archlinux 2
ubuntucve 2
cve 2
freebsd 1
mageia 2
prion 2
ubuntu 2
checkpoint_advisories 1
nvd 2
osv 2
suse 2
openvas
openvas
Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2017-1172)
2020-01-23 00:00:00
RedHat Update for libtasn1 RHSA-2017:1860-01
2017-08-04 00:00:00
Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2017-1171)
2020-01-23 00:00:00
redhat
redhat
(RHSA-2017:1860) Moderate: libtasn1 security, bug fix, and enhancement update
2017-08-01 05:55:26
nessus
nessus
RHEL 7 : libtasn1 (RHSA-2017:1860)
2017-08-03 00:00:00
Scientific Linux Security Update : libtasn1 on SL7.x x86_64 (20170801)
2017-08-22 00:00:00
EulerOS 2.0 SP2 : libtasn1 (EulerOS-SA-2017-1172)
2017-09-08 00:00:00
gentoo
gentoo
libtasn1: Multiple vulnerabilities
2015-09-24 00:00:00
oraclelinux
oraclelinux
libtasn1 security, bug fix, and enhancement update
2017-08-07 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in libtasn1 affect PowerKVM
2018-06-18 01:37:31
Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in libtasn1 (CVE-2015-3622, CVE-2015-2806)
2018-06-16 22:02:07
Security Bulletin: IBM Security Access Manager appliances are affected by vulnerabilities in libtasn1 (CVE-2015-2806, CVE-2015-3622)
2018-06-16 22:03:36
debiancve
debiancve
CVE-2015-3622
2015-05-12 19:59:24
CVE-2015-2806
2015-04-10 15:00:05
securityvulns
securityvulns
[ MDVSA-2015:232 ] libtasn1
2015-05-10 00:00:00
libtasn1 buffer overflow
2015-05-10 00:00:00
[USN-2559-1] Libtasn1 vulnerability
2015-04-08 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: libtasn1-4.5-1.fc21
2015-05-19 16:20:56
[SECURITY] Fedora 22 Update: libtasn1-4.4-1.fc22
2015-04-21 18:57:54
[SECURITY] Fedora 21 Update: mingw-gnutls-3.3.14-1.fc21
2015-04-21 19:16:16
veracode
veracode
Out-Of-Bounds Read
2018-08-08 03:02:05
Denial Of Service (DoS)
2018-05-22 06:57:51
Denial Of Service (DoS)
2019-05-02 06:44:46
cvelist
cvelist
CVE-2015-3622
2015-05-12 19:00:00
CVE-2015-2806
2015-04-10 14:00:00
debian
debian
[SECURITY] [DSA 3220-1] libtasn1-3 security update
2015-04-11 21:19:14
[SECURITY] [DSA 3220-1] libtasn1-3 security update
2015-04-11 21:19:14
[SECURITY] [DLA 195-1] libtasn1-3 security update
2015-04-12 17:37:44
archlinux
archlinux
libtasn1: arbitrary code execution
2015-05-08 00:00:00
libtasn1: stack overflow
2015-04-03 00:00:00
ubuntucve
ubuntucve
CVE-2015-3622
2015-05-01 00:00:00
CVE-2015-2806
2015-04-01 00:00:00
cve
cve
CVE-2015-2806
2015-04-10 15:00:05
CVE-2015-3622
2015-05-12 19:59:24
freebsd
freebsd
libtasn1 -- stack-based buffer overflow in asn1_der_decoding
2015-04-11 00:00:00
mageia
mageia
Updated libtasn1 packages fix CVE-2015-2806
2015-04-03 16:11:23
Updated libtasn1 packages fix CVE-2015-3622
2015-05-06 20:44:06
prion
prion
Stack overflow
2015-04-10 15:00:00
Design/Logic Flaw
2015-05-12 19:59:00
ubuntu
ubuntu
Libtasn1 vulnerability
2015-05-11 00:00:00
Libtasn1 vulnerability
2015-04-08 00:00:00
checkpoint_advisories
checkpoint_advisories
GnuTLS libtasn1 _asn1_extract_der_octet Memory Access Error (CVE-2015-3622)
2015-07-16 00:00:00
nvd
nvd
CVE-2015-3622
2015-05-12 19:59:24
CVE-2015-2806
2015-04-10 15:00:05
osv
osv
libtasn1-3 - security update
2015-04-12 00:00:00
libtasn1-3 - security update
2015-04-11 00:00:00
suse
suse
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.924 High

EPSS

Percentile

99.0%

JSON
Related for CESA-2017:1860
openvas30redhat1nessus34gentoo1oraclelinux1ibm6debiancve2securityvulns4fedora9veracode4cvelist2debian5archlinux2ubuntucve2cve2freebsd1mageia2prion2ubuntu2checkpoint_advisories1nvd2osv2suse2