5
CVE-2012-1569
- EPSS 4.46%
- Veröffentlicht 26.03.2012 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:39:44
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.46% | 0.902 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
http://www.gnu.org/software/gnutls/security.html
http://rhn.redhat.com/errata/RHSA-2012-0488.html
http://rhn.redhat.com/errata/RHSA-2012-0531.html
http://secunia.com/advisories/48596
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
http://secunia.com/advisories/57260
http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932
http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53
http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54
http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/
http://linux.oracle.com/errata/ELSA-2014-0596.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html
http://rhn.redhat.com/errata/RHSA-2012-0427.html
http://secunia.com/advisories/48397
http://secunia.com/advisories/48488
http://secunia.com/advisories/48505
http://secunia.com/advisories/48578
http://secunia.com/advisories/49002
http://secunia.com/advisories/50739
http://www.debian.org/security/2012/dsa-2440
http://www.mandriva.com/security/advisories?name=MDVSA-2012:039
http://www.openwall.com/lists/oss-security/2012/03/20/3
http://www.openwall.com/lists/oss-security/2012/03/20/8
http://www.openwall.com/lists/oss-security/2012/03/21/5
http://www.securitytracker.com/id?1026829
http://www.ubuntu.com/usn/USN-1436-1
https://bugzilla.redhat.com/show_bug.cgi?id=804920