CVE-2021-46848 – libtasn1: Out-of-bound access in ETYPE_OK
https://notcve.org/view.php?id=CVE-2021-46848
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. GNU Libtasn1 versiones anteriores a 4.19.0, presenta una comprobación de tamaño de matriz ETYPE_OK fuera de lugar que afecta a la función asn1_encode_simple_der An out-of-bounds read flaw was found in Libtasn1 due to an ETYPE_OK off-by-one error in the asn1_encode_simple_der() function. This flaw allows a remote attacker to pass specially crafted data or invalid values to the application, triggering an off-by-one error, corrupting the memory, and possibly performing a denial of service (DoS) attack. • https://bugs.gentoo.org/866237 https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6 https://lists.fedoraproject.org/archives/list/pa • CWE-125: Out-of-bounds Read CWE-193: Off-by-one Error •
CVE-2018-1000654
https://notcve.org/view.php?id=CVE-2018-1000654
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contiene una denegación de servicio (DoS). De manera específica, el uso de recursos de CPU llega al 100% cuando se ejecuta asn1Paser contra el POC debido a que existe un problema en _asn1_expand_object_id(p_tree) en el que, después de un período largo de tiempo, el programa se bloquea y se cierra. Este ataque parece ser explotable mediante el análisis sintáctico de un archivo manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html http://www.securityfocus.com/bid/105151 https://gitlab.com/gnutls/libtasn1/issues/4 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E •