Libtasn1 Security Vulnerabilities and Issues — Libtasn1 CVE List

Lucene search

GnuLibtasn1

12 matches found

CVE•added 2022/10/24 2:15 p.m.•305 views

CVE-2021-46848

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.

9.1CVSS9.3AI score0.00255EPSS

CVE•added 2018/08/20 7:31 p.m.•272 views

CVE-2018-1000654

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable ...

7.1CVSS5.3AI score0.0012EPSS

CVE•added 2017/07/02 3:29 a.m.•212 views

CVE-2017-10790

The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.

7.5CVSS6.1AI score0.00763EPSS

CVE•added 2017/05/22 7:29 p.m.•201 views

CVE-2017-6891

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.

8.8CVSS8.5AI score0.00802EPSS

CVE•added 2012/03/26 7:55 p.m.•180 views

CVE-2012-1569

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly...

5CVSS8.8AI score0.10039EPSS

CVE•added 2018/01/22 8:29 p.m.•169 views

CVE-2018-6003

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.

7.5CVSS7.2AI score0.01584EPSS

CVE•added 2015/04/10 3:0 p.m.•108 views

CVE-2015-2806

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.

10CVSS6.3AI score0.12329EPSS

CVE•added 2015/05/12 7:59 p.m.•93 views

CVE-2015-3622

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

4.3CVSS6.7AI score0.06062EPSS

CVE•added 2014/06/05 8:55 p.m.•92 views

CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

5CVSS6AI score0.07799EPSS

CVE•added 2016/05/05 6:59 p.m.•92 views

CVE-2016-4008

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.

5.9CVSS5.4AI score0.04246EPSS

CVE•added 2014/06/05 8:55 p.m.•84 views

CVE-2014-3468

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

7.5CVSS5.8AI score0.07656EPSS

CVE•added 2014/06/05 8:55 p.m.•73 views

CVE-2014-3469

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

5CVSS5.6AI score0.06235EPSS