CVE-2015-3622

Publication date 1 May 2015

Last updated 24 July 2024

Ubuntu priority

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libtasn1-3	15.04 vivid	Not in release
	14.10 utopic	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Fixed 2.10-1ubuntu1.4
libtasn1-6	15.04 vivid	Fixed 4.2-2ubuntu1.1
	14.10 utopic	Fixed 4.0-2ubuntu0.2
	14.04 LTS trusty	Fixed 3.4-3ubuntu0.3
	12.04 LTS precise	Not in release

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libtasn1-6	Upstream: http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=f979435823a02f842c41d49cd41cc81f25b5d677

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2604-1
Libtasn1 vulnerability
11 May 2015

Other references

https://blog.fuzzing-project.org/9-Heap-overflow-invalid-read-in-Libtasn1-TFPA-0052015.html
https://www.cve.org/CVERecord?id=CVE-2015-3622