Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM1A82F94D24026ECC8A9F404DD9AFE796B9774C9B7B2410D1C499A4C4A0417A91
HistoryJun 16, 2018 - 10:02 p.m.

Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in libtasn1 (CVE-2015-3622, CVE-2015-2806)

2018-06-1622:02:07
www.ibm.com
14

0.924 High

EPSS

Percentile

99.0%

JSON

Summary

IBM QRadar Network Security has addressed vulnerabilities in libtasn1.

Vulnerability Details

CVEID: CVE-2015-3622**
DESCRIPTION:** GNU Libtasn1 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the _asn1_extract_der_octet() function. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/102782&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-2806**
DESCRIPTION:** An unspecified error in libtasn1 related to asn1_der_decoding has an unknown impact and attack vector.
CVSS Base Score: 6.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/102548&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products and Versions

IBM QRadar Network Security 5.4

Remediation/Fixes

Product

| VRMF| Remediation/First Fix
—|—|—
IBM QRadar Network Security| Firmware version 5.4| Install Firmware 5.4.0.2 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector.
Or
Download Firmware 5.4.0.2 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm qradar network securityeq5.4

Related

nessus 34
centos 1
gentoo 1
oraclelinux 1
openvas 30
ibm 5
redhat 1
cve 2
debian 5
mageia 2
prion 2
nvd 2
fedora 9
osv 2
veracode 4
cvelist 2
debiancve 2
securityvulns 4
archlinux 2
ubuntucve 2
ubuntu 2
checkpoint_advisories 1
freebsd 1
suse 2
nessus
nessus
Oracle Linux 7 : libtasn1 (ELSA-2017-1860)
2017-08-09 00:00:00
CentOS 7 : libtasn1 (CESA-2017:1860)
2017-08-25 00:00:00
Scientific Linux Security Update : libtasn1 on SL7.x x86_64 (20170801)
2017-08-22 00:00:00
centos
centos
libtasn1 security update
2017-08-24 01:39:20
gentoo
gentoo
libtasn1: Multiple vulnerabilities
2015-09-24 00:00:00
oraclelinux
oraclelinux
libtasn1 security, bug fix, and enhancement update
2017-08-07 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2017-1171)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2017-1172)
2020-01-23 00:00:00
RedHat Update for libtasn1 RHSA-2017:1860-01
2017-08-04 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in libtasn1 affect PowerKVM
2018-06-18 01:37:31
Security Bulletin: IBM Security Access Manager appliances are affected by vulnerabilities in libtasn1 (CVE-2015-2806, CVE-2015-3622)
2018-06-16 22:03:36
Security Bulletin: Vulnerabilities in GnuTLS affect Power Hardware Management Console (CVE-2015-8313, CVE-2015-2806 )
2021-09-23 01:31:39
redhat
redhat
(RHSA-2017:1860) Moderate: libtasn1 security, bug fix, and enhancement update
2017-08-01 05:55:26
cve
cve
CVE-2015-3622
2015-05-12 19:59:24
CVE-2015-2806
2015-04-10 15:00:05
debian
debian
[SECURITY] [DSA 3256-1] libtasn1-6 security update
2015-05-10 17:53:37
[SECURITY] [DSA 3256-1] libtasn1-6 security update
2015-05-10 17:53:37
[SECURITY] [DSA 3220-1] libtasn1-3 security update
2015-04-11 21:19:14
mageia
mageia
Updated libtasn1 packages fix CVE-2015-3622
2015-05-06 20:44:06
Updated libtasn1 packages fix CVE-2015-2806
2015-04-03 16:11:23
prion
prion
Design/Logic Flaw
2015-05-12 19:59:00
Stack overflow
2015-04-10 15:00:00
nvd
nvd
CVE-2015-3622
2015-05-12 19:59:24
CVE-2015-2806
2015-04-10 15:00:05
fedora
fedora
[SECURITY] Fedora 21 Update: libtasn1-4.4-1.fc21
2015-04-18 09:47:40
[SECURITY] Fedora 22 Update: mingw-gnutls-3.3.14-1.fc22
2015-04-21 18:43:57
[SECURITY] Fedora 21 Update: libtasn1-4.5-1.fc21
2015-05-19 16:20:56
osv
osv
libtasn1-3 - security update
2015-04-11 00:00:00
libtasn1-3 - security update
2015-04-12 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:18:07
Denial Of Service (DoS)
2018-05-22 06:57:51
Out-Of-Bounds Read
2018-08-08 03:02:05
cvelist
cvelist
CVE-2015-2806
2015-04-10 14:00:00
CVE-2015-3622
2015-05-12 19:00:00
debiancve
debiancve
CVE-2015-3622
2015-05-12 19:59:24
CVE-2015-2806
2015-04-10 15:00:05
securityvulns
securityvulns
[ MDVSA-2015:232 ] libtasn1
2015-05-10 00:00:00
libtasn1 buffer overflow
2015-05-10 00:00:00
[USN-2559-1] Libtasn1 vulnerability
2015-04-08 00:00:00
archlinux
archlinux
libtasn1: arbitrary code execution
2015-05-08 00:00:00
libtasn1: stack overflow
2015-04-03 00:00:00
ubuntucve
ubuntucve
CVE-2015-3622
2015-05-01 00:00:00
CVE-2015-2806
2015-04-01 00:00:00
ubuntu
ubuntu
Libtasn1 vulnerability
2015-05-11 00:00:00
Libtasn1 vulnerability
2015-04-08 00:00:00
checkpoint_advisories
checkpoint_advisories
GnuTLS libtasn1 _asn1_extract_der_octet Memory Access Error (CVE-2015-3622)
2015-07-16 00:00:00
freebsd
freebsd
libtasn1 -- stack-based buffer overflow in asn1_der_decoding
2015-04-11 00:00:00
suse
suse
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32

0.924 High

EPSS

Percentile

99.0%

JSON
Related for 1A82F94D24026ECC8A9F404DD9AFE796B9774C9B7B2410D1C499A4C4A0417A91
nessus34centos1gentoo1oraclelinux1openvas30ibm5redhat1cve2debian5mageia2prion2nvd2fedora9osv2veracode4cvelist2debiancve2securityvulns4archlinux2ubuntucve2ubuntu2checkpoint_advisories1freebsd1suse2