CVSS: 9.4EPSS: 0%CPEs: 5EXPL: 1CVE-2021-46848 – libtasn1: Out-of-bound access in ETYPE_OK
https://notcve.org/view.php?id=CVE-2021-46848
24 Oct 2022 — GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. GNU Libtasn1 versiones anteriores a 4.19.0, presenta una comprobación de tamaño de matriz ETYPE_OK fuera de lugar que afecta a la función asn1_encode_simple_der An out-of-bounds read flaw was found in Libtasn1 due to an ETYPE_OK off-by-one error in the asn1_encode_simple_der() function. This flaw allows a remote attacker to pass specially crafted data or invalid values to the application, triggering a... • https://bugs.gentoo.org/866237 • CWE-125: Out-of-bounds Read CWE-193: Off-by-one Error •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2018-1000654 – Ubuntu Security Notice USN-5352-1
https://notcve.org/view.php?id=CVE-2018-1000654
20 Aug 2018 — GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contiene una denegación de servicio (DoS). De manera específica, el uso de recursos de CPU llega al 100% cuando se e... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2018-6003 – Debian Security Advisory 4106-1
https://notcve.org/view.php?id=CVE-2018-6003
22 Jan 2018 — An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. Se ha descubierto un problema en la función _asn1_decode_simple_ber en decoding.c en GNU Libtasn1, en versiones anteriores a la 4.13. La recursión no limitada en el descodificador BER conduce al agotamiento de la pila y a DoS. It was discovered that Libtasn1 incorrectly handled certain files. • http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97 • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2017-10790 – Debian Security Advisory 4106-1
https://notcve.org/view.php?id=CVE-2017-10790
02 Jul 2017 — The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack. La función _asn1_check_identifier en GNU Libtasn1 hasta la versión 4.12 provoca una desreferencia de puntero NULL y un cierre inesperado cuando se leen entradas manipuladas que desencadenan la asignación de un valor NULL en una estructura asn1_node. Esto... • https://bugzilla.redhat.com/show_bug.cgi?id=1464141 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6891 – Debian Security Advisory 3861-1
https://notcve.org/view.php?id=CVE-2017-6891
22 May 2017 — Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility. Se pueden explotar dos errores en la función \"asn1_find_node()\" (lib/parser_aux.c) en GnuTLS libtasn1 versión 4.10 para provocar un desbordamiento de búfer basado en pila engañando a un usuario para que procese un archivo de asignaciones especial... • http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=5520704d075802df25ce4ffccc010ba1641bd484 • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 25%CPEs: 9EXPL: 0CVE-2016-4008 – Gentoo Linux Security Advisory 201703-05
https://notcve.org/view.php?id=CVE-2016-4008
02 May 2016 — The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. La función _asn1_extract_der_octet en lib/decoding.c en GNU Libtasn1 en versiones anteriores a 4.8, cuando se utiliza sin el indicador ASN1_DECODE_FLAG_STRICT_DER, permite a atacantes remotos provocar una denegación de servicio (recursión infinita) a través de un certific... • http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625 • CWE-399: Resource Management Errors •
CVSS: 5.9EPSS: 89%CPEs: 3EXPL: 2CVE-2015-3622 – libtasn1: heap overflow flaw in _asn1_extract_der_octet()
https://notcve.org/view.php?id=CVE-2015-3622
08 May 2015 — The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. La función _asn1_extract_der_octet en lib/decoding.c en GNU Libtasn1 anterior a 4.5 permite a atacantes remotos causar una denegación de servicio (lectura de memoria dinámica fuera de rango) a través de un certificado manipulado. A heap-based buffer overflow flaw was found in the way the libtasn1 library decoded certain DE... • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158225.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2015-2806 – libtasn1: stack overflow in asn1_der_decoding
https://notcve.org/view.php?id=CVE-2015-2806
07 Apr 2015 — Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. Desbordamiento de buffer basado en pila en asn1_der_decoding en libtasn1 anterior a 4.4 permite a atacantes remotos tener un impacto no especificado a través de vectores desconocidos. A stack-based buffer overflow was found in the way libtasn1 decoded certain DER encoded data. An attacker could use this flaw to crash an application using the libtasn1 library. Libtas... • http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=4d4f992826a4962790ecd0cce6fbba4a415ce149 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 38EXPL: 0CVE-2014-3467 – libtasn1: multiple boundary check issues
https://notcve.org/view.php?id=CVE-2014-3467
03 Jun 2014 — Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Múltiples vulnerabilidades no especificadas en el decodificador DER en GNU Libtasn1 en versiones anteriores a 3.6, como se utiliza en GnuTLS, permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo ASN.1 manipulado. Multiple buffer boundary check issues ... • http://advisories.mageia.org/MGASA-2014-0247.html • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 38EXPL: 0CVE-2014-3468 – libtasn1: asn1_get_bit_der() can return negative bit length
https://notcve.org/view.php?id=CVE-2014-3468
03 Jun 2014 — The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. La función asn1_get_bit_der en GNU Libtasn1 anterior a 3.6 no informa debidamente de un error cuando una longitud de bit negativa está identificada, lo que permite a atacantes dependientes de contexto causar acceso fuera de rango a través de datos ASN.1 manipulados. Multiple buffer b... • http://advisories.mageia.org/MGASA-2014-0247.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-131: Incorrect Calculation of Buffer Size •