Back to search
CVE-2012-1569
Published: Mar 26, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
57260
third-party-advisory
x_refsource_SECUNIA
RHSA-2012:0427
vendor-advisory
x_refsource_REDHAT
48578
third-party-advisory
x_refsource_SECUNIA
RHSA-2012:0531
vendor-advisory
x_refsource_REDHAT
49002
third-party-advisory
x_refsource_SECUNIA
FEDORA-2012-4357
vendor-advisory
x_refsource_FEDORA
[oss-security] 20120320 Re: CVE request: libtasn1 "asn1_get_length_der()" DER decoding issue
mailing-list
x_refsource_MLIST
[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01
mailing-list
x_refsource_MLIST
48488
third-party-advisory
x_refsource_SECUNIA
USN-1436-1
vendor-advisory
x_refsource_UBUNTU
FEDORA-2012-4342
vendor-advisory
x_refsource_FEDORA
FEDORA-2012-4451
vendor-advisory
x_refsource_FEDORA
http://www.gnu.org/software/gnutls/security.html
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=804920
x_refsource_CONFIRM
RHSA-2012:0488
vendor-advisory
x_refsource_REDHAT
FEDORA-2012-4308
vendor-advisory
x_refsource_FEDORA
SUSE-SU-2014:0320
vendor-advisory
x_refsource_SUSE
[gnutls-devel] 20120316 gnutls 3.0.16
mailing-list
x_refsource_MLIST
1026829
vdb-entry
x_refsource_SECTRACK
http://linux.oracle.com/errata/ELSA-2014-0596.html
x_refsource_CONFIRM
48596
third-party-advisory
x_refsource_SECUNIA
50739
third-party-advisory
x_refsource_SECUNIA
48397
third-party-advisory
x_refsource_SECUNIA
48505
third-party-advisory
x_refsource_SECUNIA
http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/
x_refsource_MISC
[help-libtasn1] 20120319 GNU Libtasn1 2.12 released
mailing-list
x_refsource_MLIST
[help-libtasn1] 20120319 minimal fix to security issue
mailing-list
x_refsource_MLIST
[oss-security] 20120320 CVE request: libtasn1 "asn1_get_length_der()" DER decoding issue
mailing-list
x_refsource_MLIST
DSA-2440
vendor-advisory
x_refsource_DEBIAN
MDVSA-2012:039
vendor-advisory
x_refsource_MANDRIVA
FEDORA-2012-4409
vendor-advisory
x_refsource_FEDORA
20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1
mailing-list
x_refsource_BUGTRAQ
FEDORA-2012-4417
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now