Page 3 of 14 results (0.010 seconds)

CVSS: 5.0EPSS: 0%CPEs: 35EXPL: 0

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. Las funciones (1) asn1_read_value_type y (2) asn1_read_value en GNU Libtasn1 anterior a 3.6 permite a atacantes dependientes de contexto causar una denegación de servicio (referencia de puntero nulo y caída) a través de un valor nulo en un argumento ivalue. • http://advisories.mageia.org/MGASA-2014-0247.html http://linux.oracle.com/errata/ELSA-2014-0594.html http://linux.oracle.com/errata/ELSA-2014-0596.html http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html http://rhn.redhat.com/errata/RHSA-2014-0594.html http://rhn.redhat.com/errata/RHSA-2014-0596.html http:/&#x • CWE-476: NULL Pointer Dereference •

CVSS: 5.0EPSS: 89%CPEs: 221EXPL: 1

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. La función asn1_get_length_der en decoding.c en GNU libtasn1 antes de v2.12, tal y como se usa en GnuTLS antes del v3.0.16 y otros productos, no maneja adecuadamente ciertos valores de longitud demasiado grandes, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de la pila de memoria y caída de la aplicación) o posiblemente tener un impacto no especificado a través de una estructura ASN.1 especificamente elaborada para este fin. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932 http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53 http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54 http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns http://linux.oracle.com/errata/ELSA-2014-0596.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html http://lists.fedoraproject.org/pipermail/ • CWE-189: Numeric Errors •

CVSS: 7.5EPSS: 3%CPEs: 21EXPL: 0

Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite. • http://josefsson.org/cgi-bin/viewcvs.cgi/gnutls/tests/certder.c?view=markup http://josefsson.org/cgi-bin/viewcvs.cgi/libtasn1/NEWS?root=gnupg-mirror&view=markup http://josefsson.org/gnutls/releases/libtasn1/libtasn1-0.2.18-from-0.2.17.patch http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001059.html http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001060.html http://rhn.redhat.com/errata/RHS •

CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0

Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before 0.2.7, related to the DER parsing functions. Vulnerabilidad en libtasn1 0.1.x anteriors a 0.1.2 y 0.2.x anteriores a 0.2.7, relacionada con las funciones de procesamiento sintáctico DER. • http://packages.debian.org/changelogs/pool/main/libt/libtasn1-2/libtasn1-2_0.2.13-1/changelog http://securitytracker.com/id?1010159 http://www.backports.org/changelog.html http://www.osvdb.org/15126 http://www.securityfocus.com/bid/10360 https://exchange.xforce.ibmcloud.com/vulnerabilities/16157 •