GNU Libtasn1 2.3

CPE Details

GNU Libtasn1 2.3
gnu
libtasn1
2.3
2012-03-27
14h39 +00:00
2012-04-02
16h03 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnu:libtasn1:2.3:*:*:*:*:*:*:*

Informations

Vendor

gnu

Product

libtasn1

Version

2.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-46848 2022-10-23 22h00 +00:00 GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
9.1
Critical
CVE-2018-6003 2018-01-22 19h00 +00:00 An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.
7.5
High
CVE-2017-10790 2017-07-02 01h00 +00:00 The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.
7.5
High
CVE-2016-4008 2016-05-05 16h00 +00:00 The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
5.9
Medium
CVE-2015-3622 2015-05-12 17h00 +00:00 The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
4.3
CVE-2015-2806 2015-04-10 12h00 +00:00 Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
10
CVE-2014-3467 2014-06-05 18h00 +00:00 Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
5
CVE-2014-3468 2014-06-05 18h00 +00:00 The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
7.5
CVE-2014-3469 2014-06-05 18h00 +00:00 The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
5
CVE-2012-1569 2012-03-26 17h00 +00:00 The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
5