13 matches found
CVE-2021-46848
CVE-2021-46848 affects GNU libtasn1 prior to 4.19.0, due to an off-by-one array size check in the ETYPE_OK path that can impact ASN.1 DER encoding (asn1_encode_simple_der). Public details in connected sources indicate vulnerable versions are
CVE-2018-1000654
CVE-2018-1000654 involves GNU libtasn1 (libtasn1-4.12/4.13). The DoS arises from an infinite loop in the BER/ASN.1 expansion path via _asn1_expand_object_id(p_tree), triggered by parsing crafted input, which can lead to 100% CPU and eventual process termination. Several unpatched Red Hat/Nessus e...
CVE-2017-10790
The CVE-2017-10790 entry concerns GNU Libtasn1 up to version 4.12. The connected documents indicate a vulnerability in libtasn1 where a NULL pointer dereference occurs in _asn1_check_identifier when reading crafted input, leading to a remote denial of service (crash). The IBM-X-Force entry assign...
CVE-2017-6891
CVE-2017-6891 affects libtasn1 (GnuTLS libtasn1) with two errors in asn1_find_node() in lib/parser_aux.c of version 4.10 that can be triggered by processing a specially crafted assignments file (e.g., via asn1Coding). This can cause a stack-based buffer overflow and allow arbitrary code execution...
CVE-2012-1569
CVE-2012-1569 involves the libtasn1 ASN.1 DER library. The issue is a flaw in asn1_get_length_der handling large length values, present in libtasn1 before 2.12 and used by GnuTLS before 3.0.16. A crafted DER structure can trigger heap memory corruption, leading to a remote denial of service (appl...
CVE-2018-6003
CVE-2018-6003 affects GNU Libtasn1 (libtasn1) with unlimited recursion in _asn1_decode_simple_ber in decoding.c, leading to stack exhaustion and DoS. Affected product: Cloud Pak for Security (CP4S) versions 1.8.1.0, 1.8.0.0, 1.7.2.0. Remediation: upgrade to CP4S 1.9.0.0. See remediation guidance ...
CVE-2015-2806
CVE-2015-2806 is linked to an unspecified error in libtasn1/asn1_der_decoding within GnuTLS used by IBM Power Hardware Management Console (HMC). IBM’s bulletin lists the vulnerability as affecting Power HMC V7.9.0.0 with a base CVSS 6.8 (vector AV:N/AC:M/Au:N/C:P/I:P/A:P). Remediation provided vi...
CVE-2015-3622
CVE-2015-3622 affects the libtasn1 library (ASN.1 parsing/DER encoding). The vulnerability is in _asn1_extract_der_octet() in libtasn1’s decoding.c, which can read beyond the allocated buffer when processing certain DER-encoded input, leading to a remote denial of service via a crafted certificat...
CVE-2014-3467
CVE-2014-3467 is a GnuTLS/libtasn1 vulnerability caused by multiple issues in the DER decoder of GNU Libtasn1 up to version 3.5.x (pre-3.6), which crafted ASN.1 data can exploit to cause a denial of service via out-of-bounds read. The issue is confirmed in multiple advisories (F5 SOL15423, ALAS-201...
CVE-2016-4008
CVE-2016-4008 affects GNU Libtasn1: the _asn1_extract_der_octet function in lib/decoding.c can cause a denial of service (infinite recursion) when processing certain malformed DER certificates if used without ASN1_DECODE_FLAG_STRICT_DER. The issue was fixed in libtasn1 4.8; advisories across dist...
CVE-2014-3468
The CVE concerns GNU Libtasn1 prior to version 3.6, where asn1_get_bit_der does not properly report an error for a negative bit length. This can enable context-dependent attackers to trigger out-of-bounds access via crafted ASN.1 data, potentially impacting applications using libtasn1. Public ref...
CVE-2014-3469
CVE-2014-3469 affects GNU libtasn1 before 3.6, where the functions asn1_read_value_type and asn1_read_value may dereference a NULL ivalue. In this context, crafted ASN.1 data can trigger a NULL pointer dereference in the library, leading to a denial of service (crash). The vulnerability is noted ...
CVE-2025-13151
CVE-2025-13151 affects GNU libtasn1 (libtasn1) with a stack-based buffer overflow in asn1_expend_octet_string due to insufficient input size validation in libtasn1 v4.20.0. The issue is documented with a patch proposal in merge request 121 (gitlab.com/gnutls/libtasn1). Ref...