logo
DATABASE RESOURCES PRICING ABOUT US

libtasn1 -- ASN.1 length decoding vulnerability

Description

Mu Dynamics, Inc. reports: Various functions using the ASN.1 length decoding logic in Libtasn1 were incorrectly assuming that the return value from asn1_get_length_der is always less than the length of the enclosing ASN.1 structure, which is only true for valid structures and not for intentionally corrupt or otherwise buggy structures.


Affected Package


OS OS Version Package Name Package Version
FreeBSD any libtasn1 2.12
FreeBSD any gnutls 2.12.18
FreeBSD any gnutls-devel 3.0.16

Related