CVSS: 9.4EPSS: 0%CPEs: 5EXPL: 1CVE-2021-46848 – libtasn1: Out-of-bound access in ETYPE_OK
https://notcve.org/view.php?id=CVE-2021-46848
24 Oct 2022 — GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. GNU Libtasn1 versiones anteriores a 4.19.0, presenta una comprobación de tamaño de matriz ETYPE_OK fuera de lugar que afecta a la función asn1_encode_simple_der An out-of-bounds read flaw was found in Libtasn1 due to an ETYPE_OK off-by-one error in the asn1_encode_simple_der() function. This flaw allows a remote attacker to pass specially crafted data or invalid values to the application, triggering a... • https://bugs.gentoo.org/866237 • CWE-125: Out-of-bounds Read CWE-193: Off-by-one Error •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2018-6003 – Debian Security Advisory 4106-1
https://notcve.org/view.php?id=CVE-2018-6003
22 Jan 2018 — An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. Se ha descubierto un problema en la función _asn1_decode_simple_ber en decoding.c en GNU Libtasn1, en versiones anteriores a la 4.13. La recursión no limitada en el descodificador BER conduce al agotamiento de la pila y a DoS. It was discovered that Libtasn1 incorrectly handled certain files. • http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97 • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-10790 – Debian Security Advisory 4106-1
https://notcve.org/view.php?id=CVE-2017-10790
02 Jul 2017 — The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack. La función _asn1_check_identifier en GNU Libtasn1 hasta la versión 4.12 provoca una desreferencia de puntero NULL y un cierre inesperado cuando se leen entradas manipuladas que desencadenan la asignación de un valor NULL en una estructura asn1_node. Esto... • https://bugzilla.redhat.com/show_bug.cgi?id=1464141 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6891 – Debian Security Advisory 3861-1
https://notcve.org/view.php?id=CVE-2017-6891
22 May 2017 — Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility. Se pueden explotar dos errores en la función \"asn1_find_node()\" (lib/parser_aux.c) en GnuTLS libtasn1 versión 4.10 para provocar un desbordamiento de búfer basado en pila engañando a un usuario para que procese un archivo de asignaciones especial... • http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=5520704d075802df25ce4ffccc010ba1641bd484 • CWE-787: Out-of-bounds Write •