Search CVE reports
1 – 10 of 12 results
CVE-2018-1000654
Negligible prioritySome fixes available 1 of 8
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long...
2 affected packages
libtasn1-3, libtasn1-6
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libtasn1-3 | Not in release | Not in release | Not in release | Not in release | Not in release |
libtasn1-6 | Not affected | Not affected | Not affected | Needs evaluation | Fixed |
CVE-2018-6003
Medium priorityAn issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.
2 affected packages
libtasn1-3, libtasn1-6
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libtasn1-3 | — | — | — | — | Not in release |
libtasn1-6 | — | — | — | — | Fixed |
CVE-2017-10790
Low prioritySome fixes available 2 of 4
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to...
2 affected packages
libtasn1-3, libtasn1-6
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libtasn1-3 | — | — | Not in release | Not in release | Not in release |
libtasn1-6 | — | — | Not affected | Not affected | Fixed |
CVE-2017-6891
Medium priorityTwo errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file...
2 affected packages
libtasn1-3, libtasn1-6
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libtasn1-3 | — | — | — | — | Not in release |
libtasn1-6 | — | — | — | — | Fixed |
CVE-2016-4008
Medium priorityThe _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
2 affected packages
libtasn1-3, libtasn1-6
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libtasn1-3 | — | — | — | — | Not in release |
libtasn1-6 | — | — | — | — | Fixed |
CVE-2015-3622
Medium priorityThe _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
2 affected packages
libtasn1-3, libtasn1-6
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libtasn1-3 | — | — | — | — | — |
libtasn1-6 | — | — | — | — | — |
CVE-2015-2806
Medium priorityStack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
2 affected packages
libtasn1-3, libtasn1-6
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libtasn1-3 | — | — | — | — | — |
libtasn1-6 | — | — | — | — | — |
CVE-2014-3469
Medium prioritySome fixes available 3 of 5
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
2 affected packages
libtasn1-3, libtasn1-6
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libtasn1-3 | — | — | — | — | — |
libtasn1-6 | — | — | — | — | — |
CVE-2014-3468
Medium prioritySome fixes available 3 of 5
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
2 affected packages
libtasn1-3, libtasn1-6
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libtasn1-3 | — | — | — | — | — |
libtasn1-6 | — | — | — | — | — |
CVE-2014-3467
Medium prioritySome fixes available 3 of 5
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
2 affected packages
libtasn1-3, libtasn1-6
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libtasn1-3 | — | — | — | — | — |
libtasn1-6 | — | — | — | — | — |