Lucene search

K
freebsdFreeBSD2E7E9072-73A0-11E1-A883-001CC0A36E12
HistoryMar 20, 2012 - 12:00 a.m.

libtasn1 -- ASN.1 length decoding vulnerability

2012-03-2000:00:00
vuxml.freebsd.org
16

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.916

Percentile

98.9%

Mu Dynamics, Inc. reports:

Various functions using the ASN.1 length decoding logic in
Libtasn1 were incorrectly assuming that the return value from
asn1_get_length_der is always less than the length of the
enclosing ASN.1 structure, which is only true for valid
structures and not for intentionally corrupt or otherwise
buggy structures.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchlibtasn1< 2.12UNKNOWN
FreeBSDanynoarchgnutls< 2.12.18UNKNOWN
FreeBSDanynoarchgnutls-devel< 3.0.16UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.916

Percentile

98.9%