CVSS: 9.4EPSS: 0%CPEs: 5EXPL: 1CVE-2021-46848 – libtasn1: Out-of-bound access in ETYPE_OK
https://notcve.org/view.php?id=CVE-2021-46848
24 Oct 2022 — GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. GNU Libtasn1 versiones anteriores a 4.19.0, presenta una comprobación de tamaño de matriz ETYPE_OK fuera de lugar que afecta a la función asn1_encode_simple_der An out-of-bounds read flaw was found in Libtasn1 due to an ETYPE_OK off-by-one error in the asn1_encode_simple_der() function. This flaw allows a remote attacker to pass specially crafted data or invalid values to the application, triggering a... • https://bugs.gentoo.org/866237 • CWE-125: Out-of-bounds Read CWE-193: Off-by-one Error •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2018-6003 – Debian Security Advisory 4106-1
https://notcve.org/view.php?id=CVE-2018-6003
22 Jan 2018 — An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. Se ha descubierto un problema en la función _asn1_decode_simple_ber en decoding.c en GNU Libtasn1, en versiones anteriores a la 4.13. La recursión no limitada en el descodificador BER conduce al agotamiento de la pila y a DoS. It was discovered that Libtasn1 incorrectly handled certain files. • http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97 • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2017-10790 – Debian Security Advisory 4106-1
https://notcve.org/view.php?id=CVE-2017-10790
02 Jul 2017 — The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack. La función _asn1_check_identifier en GNU Libtasn1 hasta la versión 4.12 provoca una desreferencia de puntero NULL y un cierre inesperado cuando se leen entradas manipuladas que desencadenan la asignación de un valor NULL en una estructura asn1_node. Esto... • https://bugzilla.redhat.com/show_bug.cgi?id=1464141 • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 25%CPEs: 9EXPL: 0CVE-2016-4008 – Gentoo Linux Security Advisory 201703-05
https://notcve.org/view.php?id=CVE-2016-4008
02 May 2016 — The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. La función _asn1_extract_der_octet en lib/decoding.c en GNU Libtasn1 en versiones anteriores a 4.8, cuando se utiliza sin el indicador ASN1_DECODE_FLAG_STRICT_DER, permite a atacantes remotos provocar una denegación de servicio (recursión infinita) a través de un certific... • http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625 • CWE-399: Resource Management Errors •
CVSS: 5.9EPSS: 89%CPEs: 3EXPL: 2CVE-2015-3622 – libtasn1: heap overflow flaw in _asn1_extract_der_octet()
https://notcve.org/view.php?id=CVE-2015-3622
08 May 2015 — The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. La función _asn1_extract_der_octet en lib/decoding.c en GNU Libtasn1 anterior a 4.5 permite a atacantes remotos causar una denegación de servicio (lectura de memoria dinámica fuera de rango) a través de un certificado manipulado. A heap-based buffer overflow flaw was found in the way the libtasn1 library decoded certain DE... • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158225.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2015-2806 – libtasn1: stack overflow in asn1_der_decoding
https://notcve.org/view.php?id=CVE-2015-2806
07 Apr 2015 — Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. Desbordamiento de buffer basado en pila en asn1_der_decoding en libtasn1 anterior a 4.4 permite a atacantes remotos tener un impacto no especificado a través de vectores desconocidos. A stack-based buffer overflow was found in the way libtasn1 decoded certain DER encoded data. An attacker could use this flaw to crash an application using the libtasn1 library. Libtas... • http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=4d4f992826a4962790ecd0cce6fbba4a415ce149 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 38EXPL: 0CVE-2014-3467 – libtasn1: multiple boundary check issues
https://notcve.org/view.php?id=CVE-2014-3467
03 Jun 2014 — Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Múltiples vulnerabilidades no especificadas en el decodificador DER en GNU Libtasn1 en versiones anteriores a 3.6, como se utiliza en GnuTLS, permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo ASN.1 manipulado. Multiple buffer boundary check issues ... • http://advisories.mageia.org/MGASA-2014-0247.html • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 38EXPL: 0CVE-2014-3468 – libtasn1: asn1_get_bit_der() can return negative bit length
https://notcve.org/view.php?id=CVE-2014-3468
03 Jun 2014 — The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. La función asn1_get_bit_der en GNU Libtasn1 anterior a 3.6 no informa debidamente de un error cuando una longitud de bit negativa está identificada, lo que permite a atacantes dependientes de contexto causar acceso fuera de rango a través de datos ASN.1 manipulados. Multiple buffer b... • http://advisories.mageia.org/MGASA-2014-0247.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 9.8EPSS: 0%CPEs: 35EXPL: 0CVE-2014-3469 – libtasn1: asn1_read_value_type() NULL pointer dereference
https://notcve.org/view.php?id=CVE-2014-3469
03 Jun 2014 — The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. Las funciones (1) asn1_read_value_type y (2) asn1_read_value en GNU Libtasn1 anterior a 3.6 permite a atacantes dependientes de contexto causar una denegación de servicio (referencia de puntero nulo y caída) a través de un valor nulo en un argumento ivalue. Multiple buffer boundar... • http://advisories.mageia.org/MGASA-2014-0247.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 89%CPEs: 221EXPL: 1CVE-2012-1569 – libtasn1: DER decoding buffer overflow (GNUTLS-SA-2012-3, MU-201202-02)
https://notcve.org/view.php?id=CVE-2012-1569
26 Mar 2012 — The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. La función asn1_get_length_der en decoding.c en GNU libtasn1 antes de v2.12, tal y como se usa en GnuTLS antes del v3.0.16 y otros productos, no maneja... • http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html • CWE-189: Numeric Errors •