GO-2025-4011 Parsing DER payload can cause memory exhaustion in encoding/asn1

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion...

Google Go 安全漏洞

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google USA. A security vulnerability exists in Google Go that stems from the possibility of allocating a large amount of memory when parsing a specially crafted DER payload, leading to...

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2025-1239)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1239 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...

EUVD-2001-0959

Malware in sbrugna...

CVE-2025-55398

An issue was discovered in mouse07410 asn1c thru 0.9.29 2025-03-20 - a fork of vlm asn1c. In UPER Unaligned Packed Encoding Rules, asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits in length, potentially allowing incorrect or malicious inp...

CVE-2025-55398

An issue was discovered in mouse07410 asn1c thru 0.9.29 2025-03-20 - a fork of vlm asn1c. In UPER Unaligned Packed Encoding Rules, asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits in length, potentially allowing incorrect or malicious inp...

CVE-2025-55398

An issue was discovered in mouse07410 asn1c thru 0.9.29 2025-03-20 - a fork of vlm asn1c. In UPER Unaligned Packed Encoding Rules, asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits in length, potentially allowing incorrect or malicious inp...

CVE-2025-55398

CVE-2025-55398 affects the mouse07410 asn1c fork (through 0.9.29). In UPER decoding, asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits, potentially processing malformed input. Affected: decoders in this asn1c fork; impact is high (per CVSS...

PT-2025-34448 · Mouse07410 · Asn1C

Name of the Vulnerable Software and Affected Versions: mouse07410 asn1c versions through 0.9.29 Description: An issue was discovered in decoders generated by asn1c. When using UPER Unaligned Packed Encoding Rules, the decoders fail to enforce constraints on INTEGER values if the positive bound...

CVE-2025-55398

An issue was discovered in mouse07410 asn1c thru 0.9.29 2025-03-20 - a fork of vlm asn1c. In UPER Unaligned Packed Encoding Rules, asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits in length, potentially allowing incorrect or malicious inp...

Medium: libtasn1

Issue Overview: When an input DER data contains a large number of SEQUENCE OF or SET OF elements, decoding the data and searching a specific element in it take quadratic time to complete. This could be utilized for a remote DoS attack by presenting a crafted certificate to the network peer...

gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially...

gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially...

Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos

...

Security update for gnutls

This update for gnutls fixes the following issues: CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS bsc1236974. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

PT-2024-31492

Name of the Vulnerable Software and Affected Versions Fort versions prior to 1.6.3 Description An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This...

DEBIAN-CVE-2024-42461

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a denial of service when decoding an ASN.1 OER message containing an unknown extension sequence...

PT-2024-18877 · Qualcomm · Snapdragon +6

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves a transient Denial of Service DOS that occurs while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions. No...

SUSE CVE-2016-9132

In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned incorrect and attacker controlled length field in a way which later causes memory corruption or other failure...