Gnu

Libtasn1

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2021-46848

Exploit
  • EPSS 0.27%
  • Veröffentlicht 24.10.2022 14:15:49
  • Zuletzt bearbeitet 07.05.2025 15:15:52

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.

7.1

CVE-2018-1000654

Exploit
  • EPSS 0.12%
  • Veröffentlicht 20.08.2018 19:31:44
  • Zuletzt bearbeitet 21.11.2024 03:40:20

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will ...

7.5

CVE-2018-6003

  • EPSS 1.58%
  • Veröffentlicht 22.01.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:09:51

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.

7.5

CVE-2017-10790

Exploit
  • EPSS 0.33%
  • Veröffentlicht 02.07.2017 03:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service ...

8.8

CVE-2017-6891

  • EPSS 0.92%
  • Veröffentlicht 22.05.2017 19:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Co...

5.9

CVE-2016-4008

  • EPSS 5.05%
  • Veröffentlicht 05.05.2016 18:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.

4.3

CVE-2015-3622

Exploit
  • EPSS 6.06%
  • Veröffentlicht 12.05.2015 19:59:24
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

10

CVE-2015-2806

  • EPSS 12.33%
  • Veröffentlicht 10.04.2015 15:00:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.

5

CVE-2014-3467

  • EPSS 6.62%
  • Veröffentlicht 05.06.2014 20:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

7.5

CVE-2014-3468

  • EPSS 6.27%
  • Veröffentlicht 05.06.2014 20:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.