Lucene search

K
cve[email protected]CVE-2015-3622
HistoryMay 12, 2015 - 7:59 p.m.

CVE-2015-3622

2015-05-1219:59:24
CWE-119
web.nvd.nist.gov
70
cve-2015-3622
information security
remote attackers
denial of service
out-of-bounds heap read
crafted certificate
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.7

Confidence

High

EPSS

0.924

Percentile

99.0%

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

Affected configurations

NVD
Node
opensuseopensuseMatch13.2
Node
fedoraprojectfedoraMatch21
Node
gnulibtasn1Range4.4
CPENameOperatorVersion
opensuse:opensuseopensuseeq13.2

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.7

Confidence

High

EPSS

0.924

Percentile

99.0%