Summary
| Detail | |||
|---|---|---|---|
| Vendor | Gnu | First view | 2014-06-05 |
| Product | libtasn1 | Last view | 2018-01-22 |
| Version | 3.0 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:gnu:libtasn1 | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2018-01-22 | CVE-2018-6003 | An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. |
| 7.5 | 2017-07-01 | CVE-2017-10790 | The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack. |
| 5.9 | 2016-05-05 | CVE-2016-4008 | The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. |
| 4.3 | 2015-05-12 | CVE-2015-3622 | The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. |
| 10 | 2015-04-10 | CVE-2015-2806 | Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. |
| 5 | 2014-06-05 | CVE-2014-3469 | The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. |
| 7.5 | 2014-06-05 | CVE-2014-3468 | The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. |
| 5 | 2014-06-05 | CVE-2014-3467 | Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 28% (2) | CWE-476 | NULL Pointer Dereference |
| 28% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 14% (1) | CWE-674 | Uncontrolled Recursion |
| 14% (1) | CWE-399 | Resource Management Errors |
| 14% (1) | CWE-131 | Incorrect Calculation of Buffer Size |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2015-09-24 | gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt RuleID : 35766 - Type : SERVER-OTHER - Revision : 3 |
| 2015-09-24 | gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt RuleID : 35765 - Type : SERVER-OTHER - Revision : 3 |
| 2015-09-24 | gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt RuleID : 35764 - Type : SERVER-OTHER - Revision : 3 |
| 2015-09-24 | gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt RuleID : 35763 - Type : SERVER-OTHER - Revision : 3 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-08 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2019-1006.nasl - Type: ACT_GATHER_INFO |
| 2018-12-28 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1445.nasl - Type: ACT_GATHER_INFO |
| 2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0109.nasl - Type: ACT_GATHER_INFO |
| 2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0038.nasl - Type: ACT_GATHER_INFO |
| 2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2016-0013.nasl - Type: ACT_GATHER_INFO |
| 2018-07-24 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-2_0-0017.nasl - Type: ACT_GATHER_INFO |
| 2018-02-08 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4106.nasl - Type: ACT_GATHER_INFO |
| 2018-02-07 | Name: The remote Fedora host is missing a security update. File: fedora_2018-ef303deec6.nasl - Type: ACT_GATHER_INFO |
| 2018-01-29 | Name: The remote Fedora host is missing a security update. File: fedora_2018-f8c54aeec4.nasl - Type: ACT_GATHER_INFO |
| 2018-01-24 | Name: The remote Fedora host is missing a security update. File: fedora_2018-da4263f065.nasl - Type: ACT_GATHER_INFO |
| 2017-10-16 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201710-11.nasl - Type: ACT_GATHER_INFO |
| 2017-09-08 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2017-1172.nasl - Type: ACT_GATHER_INFO |
| 2017-09-08 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2017-1171.nasl - Type: ACT_GATHER_INFO |
| 2017-08-25 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2017-1860.nasl - Type: ACT_GATHER_INFO |
| 2017-08-22 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20170801_libtasn1_on_SL7_x.nasl - Type: ACT_GATHER_INFO |
| 2017-08-09 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2017-1860.nasl - Type: ACT_GATHER_INFO |
| 2017-08-03 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-1860.nasl - Type: ACT_GATHER_INFO |
| 2017-07-25 | Name: The remote Debian host is missing a security update. File: debian_DLA-1038.nasl - Type: ACT_GATHER_INFO |
| 2017-03-28 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201703-05.nasl - Type: ACT_GATHER_INFO |
| 2016-08-29 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-1601-1.nasl - Type: ACT_GATHER_INFO |
| 2016-08-29 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-1600-1.nasl - Type: ACT_GATHER_INFO |
| 2016-06-28 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-773.nasl - Type: ACT_GATHER_INFO |
| 2016-06-15 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-716.nasl - Type: ACT_GATHER_INFO |
| 2016-05-31 | Name: The remote Debian host is missing a security update. File: debian_DLA-495.nasl - Type: ACT_GATHER_INFO |
| 2016-05-06 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3568.nasl - Type: ACT_GATHER_INFO |
