11 results (0.011 seconds)

CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 1

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. GNU Libtasn1 versiones anteriores a 4.19.0, presenta una comprobación de tamaño de matriz ETYPE_OK fuera de lugar que afecta a la función asn1_encode_simple_der An out-of-bounds read flaw was found in Libtasn1 due to an ETYPE_OK off-by-one error in the asn1_encode_simple_der() function. This flaw allows a remote attacker to pass specially crafted data or invalid values to the application, triggering an off-by-one error, corrupting the memory, and possibly performing a denial of service (DoS) attack. • https://bugs.gentoo.org/866237 https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6 https://lists.fedoraproject.org/archives/list/pa • CWE-125: Out-of-bounds Read CWE-193: Off-by-one Error •

CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. Se ha descubierto un problema en la función _asn1_decode_simple_ber en decoding.c en GNU Libtasn1, en versiones anteriores a la 4.13. La recursión no limitada en el descodificador BER conduce al agotamiento de la pila y a DoS. • http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97 https://bugzilla.redhat.com/show_bug.cgi?id=1535926 https://bugzilla.suse.com/show_bug.cgi?id=1076832 https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://ww • CWE-674: Uncontrolled Recursion •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1

The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack. La función _asn1_check_identifier en GNU Libtasn1 hasta la versión 4.12 provoca una desreferencia de puntero NULL y un cierre inesperado cuando se leen entradas manipuladas que desencadenan la asignación de un valor NULL en una estructura asn1_node. Esto puede dar lugar a un ataque remoto de denegación de servicio (DoS). • https://bugzilla.redhat.com/show_bug.cgi?id=1464141 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/06/msg00026.html https://security.gentoo.org/glsa/201710-11 https://usn.ubuntu.com/3547-1 https://www.debian.org/security/2018/dsa-4106 • CWE-476: NULL Pointer Dereference •

CVSS: 5.9EPSS: 25%CPEs: 9EXPL: 0

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. La función _asn1_extract_der_octet en lib/decoding.c en GNU Libtasn1 en versiones anteriores a 4.8, cuando se utiliza sin el indicador ASN1_DECODE_FLAG_STRICT_DER, permite a atacantes remotos provocar una denegación de servicio (recursión infinita) a través de un certificado manipulado. • http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625 http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=f435825c0f527a8e52e6ffbc3ad0bc60531d537e http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html http:/ • CWE-399: Resource Management Errors •

CVSS: 5.9EPSS: 91%CPEs: 3EXPL: 2

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. La función _asn1_extract_der_octet en lib/decoding.c en GNU Libtasn1 anterior a 4.5 permite a atacantes remotos causar una denegación de servicio (lectura de memoria dinámica fuera de rango) a través de un certificado manipulado. A heap-based buffer overflow flaw was found in the way the libtasn1 library decoded certain DER-encoded inputs. A specially crafted DER-encoded input could cause an application using libtasn1 to perform an invalid read, causing the application to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158225.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00014.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html http://packetstormsecurity.com/files/131711/libtasn1-Heap-Overflow.html http://seclists.org/fulldisclosure/2015/Apr/109 http://www.debian.org/security/2015/dsa-3256 http://www.mandriva.com/security/advisories?name=MDVSA-2015: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •