Lucene search

66 matches found

securityvulns
added 2015/05/10 12:0 a.m. | 39 views

libtasn1 buffer overflow

Heap buffer overflow on DER decoding...

CVSS 4.3 | AI score 2.6 | EPSS 0.06062
Exploits 1 | References 1 | Affected Software 1
securityvulns
added 2015/05/10 12:0 a.m. | 59 views

[ MDVSA-2015:232 ] libtasn1

Mandriva Linux Security Advisory MDVSA-2015:232 (http://www.mandriva.com/en/support/security/). Package: libtasn1. Date: May 8, 2015. Affected: Business Server 1.0, Business Server 2.0. Problem Description: Updated libtasn1 packages fix security...

CVSS 4.3 | AI score 6 | EPSS 0.06062
Exploits 1
Mageia
added 2015/05/06 5:44 p.m. | 34 views

Updated libtasn1 packages fix CVE-2015-3622

Updated libtasn1 packages fix security vulnerability: A malformed certificate input could cause a heap overflow read in the DER decoding functions of Libtasn1. The heap overflow happens in the function _asn1_extract_der_octet (CVE-2015-3622)...

CVSS 4.3 | AI score 6.4 | EPSS 0.06062
Exploits 1 | References 3
OSV
added 2015/05/06 5:44 p.m. | 10 views

MGASA-2015-0200 Updated libtasn1 packages fix CVE-2015-3622

Updated libtasn1 packages fix security vulnerability: A malformed certificate input could cause a heap overflow read in the DER decoding functions of Libtasn1. The heap overflow happens in the function _asn1_extract_der_octet (CVE-2015-3622)...

CVSS 4.3 | AI score 6.6 | EPSS 0.06062
Exploits 1 | References 4
CNVD
added 2015/04/13 12:0 a.m. | 2 views

libtasn1 stack buffer overflow vulnerability

Libtasn1 is a C library from the GNU project for developing ASN.1 (Abstract Syntax Notation One), a standard for describing the representation, encoding, transmission, and decoding of data structure management. A stack buffer overflow vulnerability exists in the asn1_der_decoding function in versions...

CVSS 10 | AI score 7.9 | EPSS 0.09345
Exploits 0 | References 1
OSV
added 2015/04/10 3:0 p.m. | 1 view

DEBIAN-CVE-2015-2806

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors...

CVSS 10 | AI score 7.8 | EPSS 0.09345
Exploits 0 | References 1
OSV
added 2015/04/01 12:0 a.m. | 1 view

UBUNTU-CVE-2015-2806

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors...

CVSS 10 | AI score 7.2 | EPSS 0.09345
Exploits 0 | References 4
Tenable Nessus
added 2015/03/26 12:0 a.m. | 42 views

Debian DLA-154-1 : nss security update (BEAST)

nss 3.12.8-1+squeeze11 fixes two security issues: CVE-2011-3389: SSL 3.0 and TLS 1.0 connections were vulnerable to some chosen plaintext attacks which allowed man-in-the-middle attackers to obtain plaintext HTTP headers on an HTTPS session. This issue is known as the 'BEAST' attack. CVE-2014-156...

CVSS 7.5 | AI score 7 | EPSS 0.03832
Exploits 8 | References 4
Tenable Nessus
added 2014/12/04 12:0 a.m. | 31 views

FreeBSD : mozilla -- multiple vulnerabilities (7ae61870-9dd2-4884-a2f2-f19bb5784d09)

The Mozilla Project reports: ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data; MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory; MFSA-2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer...

CVSS 7.5 | AI score 7.9 | EPSS 0.03635
Exploits 4 | References 20
Tenable Nessus
added 2014/06/04 12:0 a.m. | 27 views

Oracle Linux 6 : libtasn1 (ELSA-2014-0596)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0596 advisory.
2.3-6 - added check for null pointer (#1102336)
2.3-5 - fix various DER decoding issues (#1102336)
2.3-4 - fix CVE-2012-1569 - missing length check when...

CVSS 7.5 | AI score 7 | EPSS 0.10116
Exploits 1 | References 4
Oracle linux
added 2014/06/03 12:0 a.m. | 50 views

libtasn1 security update

2.3-6 - added check for null pointer (#1102336)
2.3-5 - fix various DER decoding issues (#1102336)
2.3-4 - fix CVE-2012-1569 - missing length check when decoding DER lengths (#804920)...

CVSS 7.5 | AI score 2.3 | EPSS 0.10116
Exploits 1
Gentoo Linux
added 2012/09/25 12:0 a.m. | 27 views

Libtasn1: Denial of service

Background: Libtasn1 is a library used to parse ASN.1 (Abstract Syntax Notation One) objects, and perform DER (Distinguished Encoding Rules) decoding. Description: Libtasn1 does not properly handle length fields when performing DER decoding. Impact: A remote attacker could entice a user to open a...

CVSS 5 | AI score 8.6 | EPSS 0.10116
Exploits 1
RedHat Linux
added 2012/04/30 5:7 p.m. | 2 views

libtasn1: DER decoding buffer overflow (GNUTLS-SA-2012-3, MU-201202-02)

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly ha...

CVSS 5 | AI score 7.3 | EPSS 0.10116
Exploits 1 | References 4
Tenable Nessus
added 2012/04/13 12:0 a.m. | 28 views

Fedora 15 : mingw-libtasn1-2.12-1.fc15 / mingw32-gnutls-2.10.5-2.fc15 (2012-4417)

This update fixes a DER decoding buffer overflow in the MinGW cross compiled libtasn1 and gnutls packages. The mingw-gnutls build also switches to using the system libtasn1 library instead of its bundled copy. Note that Tenable Network Security has extracted the preceding description block...

CVSS 5 | AI score 7.8 | EPSS 0.10116
Exploits 1 | References 4
Tenable Nessus
added 2012/04/02 12:0 a.m. | 29 views

Fedora 16 : mingw-libtasn1-2.12-1.fc16 / mingw32-gnutls-2.12.14-3.fc16 (2012-4409)

This update fixes a DER decoding buffer overflow in the MinGW cross compiled libtasn1 and gnutls packages. The mingw-gnutls build also switches to using the system libtasn1 library instead of its bundled copy. Note that Tenable Network Security has extracted the preceding description block...

CVSS 5 | AI score 7.8 | EPSS 0.10116
Exploits 1 | References 4
RedHat Linux
added 2012/03/27 10:49 p.m. | 1 view

libtasn1: DER decoding buffer overflow (GNUTLS-SA-2012-3, MU-201202-02)

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly ha...

CVSS 5 | AI score 7.3 | EPSS 0.10116
Exploits 1 | References 4
RedHat Linux
added 2012/03/27 10:48 p.m. | 30 views

Important: Red Hat Security Advisory: libtasn1 security update

Updated libtasn1 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 5 | AI score 7 | EPSS 0.10116
Exploits 1 | References 2
RedHat Linux
added 2012/03/27 10:48 p.m. | 1 view

libtasn1: DER decoding buffer overflow (GNUTLS-SA-2012-3, MU-201202-02)

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly ha...

CVSS 5 | AI score 7.3 | EPSS 0.10116
Exploits 1 | References 4
OpenVAS
added 2008/01/17 12:0 a.m. | 10 views

Debian: Security Advisory (DSA-986-1)

The remote host is missing an update for the Debian...

CVSS 7.5 | AI score 6.7 | EPSS 0.03721
Exploits 0 | References 3
OpenVAS
added 2008/01/17 12:0 a.m. | 23 views

Debian Security Advisory DSA 985-1 (libtasn1-2)

The remote host is missing an update to libtasn1-2 announced via advisory DSA 985-1. Evgeny Legerov discovered several out-of-bounds memory accesses in the DER decoding component of the Tiny ASN.1 Library that allows attackers to crash the DER decoder and possibly execute arbitrary code...

CVSS 7.5 | AI score 0.7 | EPSS 0.03721
Exploits 0