This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Gnu
Product: libtasn1
Version: 3.1
Type: Application
First view: 2014-06-05
Last view: 2018-01-22
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:gnu:libtasn1

Related : CVE

  Date Alert Description
7.5 2018-01-22 CVE-2018-6003

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.

7.5 2017-07-01 CVE-2017-10790

The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.

5.9 2016-05-05 CVE-2016-4008

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.

4.3 2015-05-12 CVE-2015-3622

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

10 2015-04-10 CVE-2015-2806

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.

5 2014-06-05 CVE-2014-3469

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

7.5 2014-06-05 CVE-2014-3468

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

5 2014-06-05 CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

CWE : Common Weakness Enumeration

% id Name
28% (2) CWE-476 NULL Pointer Dereference
28% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (1) CWE-674 Uncontrolled Recursion
14% (1) CWE-399 Resource Management Errors
14% (1) CWE-131 Incorrect Calculation of Buffer Size

Snort® IPS/IDS

Date Description
2015-09-24 gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt
RuleID : 35766 - Type : SERVER-OTHER - Revision : 3
2015-09-24 gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt
RuleID : 35765 - Type : SERVER-OTHER - Revision : 3
2015-09-24 gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt
RuleID : 35764 - Type : SERVER-OTHER - Revision : 3
2015-09-24 gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt
RuleID : 35763 - Type : SERVER-OTHER - Revision : 3

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-08 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2019-1006.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1445.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0109.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0038.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2016-0013.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0017.nasl - Type: ACT_GATHER_INFO
2018-02-08 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4106.nasl - Type: ACT_GATHER_INFO
2018-02-07 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ef303deec6.nasl - Type: ACT_GATHER_INFO
2018-01-29 Name: The remote Fedora host is missing a security update.
File: fedora_2018-f8c54aeec4.nasl - Type: ACT_GATHER_INFO
2018-01-24 Name: The remote Fedora host is missing a security update.
File: fedora_2018-da4263f065.nasl - Type: ACT_GATHER_INFO
2017-10-16 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201710-11.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1172.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1171.nasl - Type: ACT_GATHER_INFO
2017-08-25 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-1860.nasl - Type: ACT_GATHER_INFO
2017-08-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170801_libtasn1_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-1860.nasl - Type: ACT_GATHER_INFO
2017-08-03 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-1860.nasl - Type: ACT_GATHER_INFO
2017-07-25 Name: The remote Debian host is missing a security update.
File: debian_DLA-1038.nasl - Type: ACT_GATHER_INFO
2017-03-28 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201703-05.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1601-1.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1600-1.nasl - Type: ACT_GATHER_INFO
2016-06-28 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-773.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-716.nasl - Type: ACT_GATHER_INFO
2016-05-31 Name: The remote Debian host is missing a security update.
File: debian_DLA-495.nasl - Type: ACT_GATHER_INFO
2016-05-06 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3568.nasl - Type: ACT_GATHER_INFO