12 results (0.005 seconds)

CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 1

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. GNU Libtasn1 versiones anteriores a 4.19.0, presenta una comprobación de tamaño de matriz ETYPE_OK fuera de lugar que afecta a la función asn1_encode_simple_der An out-of-bounds read flaw was found in Libtasn1 due to an ETYPE_OK off-by-one error in the asn1_encode_simple_der() function. This flaw allows a remote attacker to pass specially crafted data or invalid values to the application, triggering an off-by-one error, corrupting the memory, and possibly performing a denial of service (DoS) attack. • https://bugs.gentoo.org/866237 https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6 https://lists.fedoraproject.org/archives/list/pa • CWE-125: Out-of-bounds Read CWE-193: Off-by-one Error •

CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contiene una denegación de servicio (DoS). De manera específica, el uso de recursos de CPU llega al 100% cuando se ejecuta asn1Paser contra el POC debido a que existe un problema en _asn1_expand_object_id(p_tree) en el que, después de un período largo de tiempo, el programa se bloquea y se cierra. Este ataque parece ser explotable mediante el análisis sintáctico de un archivo manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html http://www.securityfocus.com/bid/105151 https://gitlab.com/gnutls/libtasn1/issues/4 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E •

CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. Se ha descubierto un problema en la función _asn1_decode_simple_ber en decoding.c en GNU Libtasn1, en versiones anteriores a la 4.13. La recursión no limitada en el descodificador BER conduce al agotamiento de la pila y a DoS. • http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97 https://bugzilla.redhat.com/show_bug.cgi?id=1535926 https://bugzilla.suse.com/show_bug.cgi?id=1076832 https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://ww • CWE-674: Uncontrolled Recursion •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1

The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack. La función _asn1_check_identifier en GNU Libtasn1 hasta la versión 4.12 provoca una desreferencia de puntero NULL y un cierre inesperado cuando se leen entradas manipuladas que desencadenan la asignación de un valor NULL en una estructura asn1_node. Esto puede dar lugar a un ataque remoto de denegación de servicio (DoS). • https://bugzilla.redhat.com/show_bug.cgi?id=1464141 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/06/msg00026.html https://security.gentoo.org/glsa/201710-11 https://usn.ubuntu.com/3547-1 https://www.debian.org/security/2018/dsa-4106 • CWE-476: NULL Pointer Dereference •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility. Se pueden explotar dos errores en la función \"asn1_find_node()\" (lib/parser_aux.c) en GnuTLS libtasn1 versión 4.10 para provocar un desbordamiento de búfer basado en pila engañando a un usuario para que procese un archivo de asignaciones especialmente manipulado mediante la utilidad de ejemplo asn1Coding. • http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=5520704d075802df25ce4ffccc010ba1641bd484 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html http://www.debian.org/security/2017/dsa-3861 http://www.securityfocus.com/bid/98641 http://www.securitytracker.com/id/1038619 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues. • CWE-787: Out-of-bounds Write •