CVE-2012-1569
8.2 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.916 High
EPSS
Percentile
98.9%
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
References
archives.neohapsis.com/archives/bugtraq/2012-03/0099.html
article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932
article.gmane.org/gmane.comp.gnu.libtasn1.general/53
article.gmane.org/gmane.comp.gnu.libtasn1.general/54
blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/
linux.oracle.com/errata/ELSA-2014-0596.html
lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html
lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html
lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html
lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html
lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html
lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html
lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
rhn.redhat.com/errata/RHSA-2012-0427.html
rhn.redhat.com/errata/RHSA-2012-0488.html
rhn.redhat.com/errata/RHSA-2012-0531.html
secunia.com/advisories/48397
secunia.com/advisories/48488
secunia.com/advisories/48505
secunia.com/advisories/48578
secunia.com/advisories/48596
secunia.com/advisories/49002
secunia.com/advisories/50739
secunia.com/advisories/57260
www.debian.org/security/2012/dsa-2440
www.gnu.org/software/gnutls/security.html
www.mandriva.com/security/advisories?name=MDVSA-2012:039
www.openwall.com/lists/oss-security/2012/03/20/3
www.openwall.com/lists/oss-security/2012/03/20/8
www.openwall.com/lists/oss-security/2012/03/21/5
www.securitytracker.com/id?1026829
www.ubuntu.com/usn/USN-1436-1
bugzilla.redhat.com/show_bug.cgi?id=804920
Related
8.2 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.916 High
EPSS
Percentile
98.9%