Lucene search

K

10 matches found

CVE
CVE
added 2022/10/24 2:15 p.m.305 views

CVE-2021-46848

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.

9.1CVSS9.3AI score0.00255EPSS
CVE
CVE
added 2017/07/02 3:29 a.m.212 views

CVE-2017-10790

The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.

7.5CVSS6.1AI score0.00763EPSS
CVE
CVE
added 2012/03/26 7:55 p.m.180 views

CVE-2012-1569

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly...

5CVSS8.8AI score0.10039EPSS
CVE
CVE
added 2018/01/22 8:29 p.m.169 views

CVE-2018-6003

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.

7.5CVSS7.2AI score0.01584EPSS
CVE
CVE
added 2015/04/10 3:0 p.m.108 views

CVE-2015-2806

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.

10CVSS6.3AI score0.12329EPSS
CVE
CVE
added 2015/05/12 7:59 p.m.93 views

CVE-2015-3622

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

4.3CVSS6.7AI score0.06062EPSS
CVE
CVE
added 2014/06/05 8:55 p.m.92 views

CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

5CVSS6AI score0.07799EPSS
CVE
CVE
added 2016/05/05 6:59 p.m.92 views

CVE-2016-4008

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.

5.9CVSS5.4AI score0.04246EPSS
CVE
CVE
added 2014/06/05 8:55 p.m.84 views

CVE-2014-3468

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

7.5CVSS5.8AI score0.07656EPSS
CVE
CVE
added 2014/06/05 8:55 p.m.73 views

CVE-2014-3469

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

5CVSS5.6AI score0.06235EPSS