Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu libtasn1 vulnerabilities and exploits
(subscribe to this query)
7.1
CVSSv2
CVE-2018-1000654
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears...
Gnu Libtasn1 4.12
Gnu Libtasn1 4.13
5
CVSSv2
CVE-2012-1569
The asn1_get_length_der function in decoding.c in GNU Libtasn1 prior to 2.12, as used in GnuTLS prior to 3.0.16 and other products, does not properly handle certain large length values, which allows remote malicious users to cause a denial of service (heap memory corruption and a...
Gnu Libtasn1 2.10
Gnu Libtasn1 2.3
Gnu Libtasn1 2.2
Gnu Libtasn1 1.3
Gnu Libtasn1 1.2
Gnu Libtasn1 0.3.6
Gnu Libtasn1 0.3.5
Gnu Libtasn1 0.2.17
Gnu Libtasn1 0.2.16
Gnu Libtasn1 0.2.15
Gnu Libtasn1 0.2.8
Gnu Libtasn1 0.2.7
Gnu Libtasn1 0.2.0
Gnu Libtasn1 0.1.2
Gnu Gnutls 1.0.20
Gnu Gnutls 1.0.21
Gnu Libtasn1 2.5
Gnu Libtasn1 2.4
Gnu Libtasn1 1.5
Gnu Libtasn1 1.4
Gnu Libtasn1 0.3.8
Gnu Libtasn1 0.3.7
5
CVSSv2
CVE-2017-10790
The _asn1_check_identifier function in GNU Libtasn1 up to and including 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.
Gnu Libtasn1
1 Github repository
6.8
CVSSv2
CVE-2017-6891
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.
Gnu Libtasn1 4.10
Debian Debian Linux 8.0
Apache Bookkeeper 4.12.1
5
CVSSv2
CVE-2018-6003
An issue exists in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 prior to 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.
Gnu Libtasn1
Fedoraproject Fedora 26
Debian Debian Linux 9.0
Fedoraproject Fedora 27
7.5
CVSSv2
CVE-2006-0645
Tiny ASN.1 Library (libtasn1) prior to 0.2.18, as used by (1) GnuTLS 1.2.x prior to 1.2.10 and 1.3.x prior to 1.3.4, and (2) GNU Shishi, allows malicious users to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid inpu...
Free Software Foundation Inc. Libtasn1 0.2.0
Free Software Foundation Inc. Libtasn1 0.2.1
Free Software Foundation Inc. Libtasn1 0.2.17
Free Software Foundation Inc. Libtasn1 0.2.2
Free Software Foundation Inc. Libtasn1 0.2.9
Free Software Foundation Inc. Libtasn1 0.1.1
Free Software Foundation Inc. Libtasn1 0.1.2
Free Software Foundation Inc. Libtasn1 0.2.14
Free Software Foundation Inc. Libtasn1 0.2.15
Free Software Foundation Inc. Libtasn1 0.2.16
Free Software Foundation Inc. Libtasn1 0.2.7
Free Software Foundation Inc. Libtasn1 0.2.8
Free Software Foundation Inc. Libtasn1 0.2.10
Free Software Foundation Inc. Libtasn1 0.2.11
Free Software Foundation Inc. Libtasn1 0.2.3
Free Software Foundation Inc. Libtasn1 0.2.4
Free Software Foundation Inc. Libtasn1 0.1.0
Free Software Foundation Inc. Libtasn1 0.2.12
Free Software Foundation Inc. Libtasn1 0.2.13
Free Software Foundation Inc. Libtasn1 0.2.5
Free Software Foundation Inc. Libtasn1 0.2.6
NA
CVE-2021-46848
GNU Libtasn1 prior to 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
Gnu Libtasn1
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2016-4008
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 prior to 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote malicious users to cause a denial of service (infinite recursion) via a crafted certificate.
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Opensuse Opensuse 13.2
Gnu Libtasn1
Fedoraproject Fedora 22
Fedoraproject Fedora 24
Fedoraproject Fedora 23
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started