Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2012-1569

Published: 26/03/2012 Updated: 18/01/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Libtasn1

Vulnerability Summary

The asn1_get_length_der function in decoding.c in GNU Libtasn1 prior to 2.12, as used in GnuTLS prior to 3.0.16 and other products, does not properly handle certain large length values, which allows remote malicious users to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.

Vulnerable Product Search on Vulmon Subscribe to Product

gnu libtasn1 2.10

gnu libtasn1 2.3

gnu libtasn1 2.2

gnu libtasn1 1.3

gnu libtasn1 1.2

gnu libtasn1 0.3.6

gnu libtasn1 0.3.5

gnu libtasn1 0.2.17

gnu libtasn1 0.2.16

gnu libtasn1 0.2.15

gnu libtasn1 0.2.8

gnu libtasn1 0.2.7

gnu libtasn1 0.2.0

gnu libtasn1 0.1.2

gnu gnutls 1.0.20

gnu gnutls 1.0.21

gnu libtasn1 2.5

gnu libtasn1 2.4

gnu libtasn1 1.5

gnu libtasn1 1.4

gnu libtasn1 0.3.8

gnu libtasn1 0.3.7

gnu libtasn1 0.3.0

gnu libtasn1 0.2.18

gnu libtasn1 0.2.10

gnu libtasn1 0.2.9

gnu libtasn1 0.2.2

gnu libtasn1 0.2.1

gnu gnutls 2.12.1

gnu gnutls 1.0.22

gnu gnutls 1.0.23

gnu gnutls 1.1.18

gnu gnutls 1.1.19

gnu gnutls 1.1.21

gnu gnutls 1.1.20

gnu gnutls 1.2.3

gnu gnutls 1.2.2

gnu gnutls 1.2.9

gnu gnutls 1.3.0

gnu gnutls 1.4.0

gnu gnutls 1.4.1

gnu gnutls 1.7.14

gnu gnutls 1.7.15

gnu gnutls 1.7.16

gnu gnutls 1.7.17

gnu gnutls 2.0.1

gnu gnutls 1.4.2

gnu gnutls 1.5.1

gnu gnutls 2.1.7

gnu gnutls 1.6.0

gnu gnutls 1.7.2

gnu gnutls 1.7.4

gnu gnutls 1.7.5

gnu gnutls 2.12.4

gnu gnutls 2.12.5

gnu gnutls 2.4.2

gnu gnutls 2.4.1

gnu gnutls 3.0.13

gnu gnutls 2.7.4

gnu gnutls 3.0.11

gnu gnutls 2.12.11

gnu gnutls 2.12.12

gnu gnutls 3.0.5

gnu gnutls 3.0.6

gnu gnutls 3.0.9

gnu gnutls 2.2.2

gnu gnutls 2.2.4

gnu gnutls 3.0.10

gnu gnutls 2.3.4

gnu gnutls 2.3.3

gnu libtasn1 2.9

gnu libtasn1 2.8

gnu libtasn1 2.1

gnu libtasn1 2.0

gnu libtasn1 1.8

gnu libtasn1 1.1

gnu libtasn1 1.0

gnu libtasn1 0.3.4

gnu libtasn1 0.3.3

gnu libtasn1 0.2.14

gnu libtasn1 0.2.13

gnu libtasn1 0.2.6

gnu libtasn1 0.2.5

gnu libtasn1 0.1.1

gnu libtasn1 0.1.0

gnu gnutls 1.0.18

gnu gnutls 1.0.19

gnu gnutls 1.1.14

gnu gnutls 1.1.15

gnu gnutls 1.2.1

gnu gnutls 2.12.10

gnu gnutls 1.2.7

gnu gnutls 1.2.6

gnu gnutls 1.3.3

gnu gnutls 1.3.4

gnu gnutls 2.10.3

gnu gnutls 2.10.4

gnu gnutls 1.7.13

gnu gnutls 1.7.18

gnu gnutls 2.0.3

gnu gnutls 1.4.4

gnu gnutls 2.1.3

gnu gnutls 1.5.3

gnu gnutls 2.1.0

gnu gnutls 1.1.16

gnu gnutls 1.1.17

gnu gnutls 1.1.23

gnu gnutls 1.1.22

gnu gnutls 1.2.5

gnu gnutls 1.2.4

gnu gnutls 1.3.1

gnu gnutls 1.3.2

gnu gnutls 2.10.1

gnu gnutls 2.10.2

gnu gnutls 1.7.12

gnu gnutls 2.0.4

gnu gnutls 2.0.2

gnu gnutls 1.5.0

gnu gnutls 2.1.2

gnu gnutls 1.5.4

gnu gnutls 1.6.1

gnu gnutls 2.1.6

gnu gnutls 1.7.3

gnu gnutls 1.7.0

gnu gnutls 1.7.10

gnu gnutls 1.7.11

gnu gnutls 1.7.8

gnu gnutls 2.6.0

gnu gnutls 2.4.0

gnu gnutls 2.6.6

gnu gnutls 2.8.0

gnu gnutls 2.3.11

gnu gnutls 2.12.6.1

gnu gnutls 2.12.13

gnu gnutls 3.0.0

gnu gnutls 2.4.3

gnu gnutls 2.8.2

gnu gnutls 3.0.8

gnu gnutls 2.2.1

gnu gnutls 2.2.3

gnu gnutls 2.3.2

gnu gnutls 2.3.10

gnu gnutls 2.3.9

gnu gnutls 1.6.2

gnu gnutls 2.1.5

gnu gnutls 2.1.8

gnu gnutls 1.7.1

gnu gnutls 1.7.9

gnu gnutls 2.5.0

gnu gnutls 2.6.2

gnu gnutls 2.6.3

gnu gnutls 2.8.1

gnu gnutls 2.6.1

gnu gnutls 2.12.6

gnu gnutls 2.12.7

gnu gnutls 3.0.1

gnu gnutls 3.0.2

gnu gnutls 2.8.3

gnu gnutls 2.8.4

gnu gnutls 3.0.7

gnu gnutls 2.2.0

gnu gnutls 2.3.1

gnu gnutls 2.3.0

gnu gnutls 2.3.8

gnu gnutls 2.3.7

gnu libtasn1 2.7

gnu libtasn1 2.6

gnu libtasn1 1.7

gnu libtasn1 1.6

gnu libtasn1 0.3.10

gnu libtasn1 0.3.9

gnu libtasn1 0.3.2

gnu libtasn1 0.3.1

gnu libtasn1 0.2.12

gnu libtasn1 0.2.11

gnu libtasn1 0.2.4

gnu libtasn1 0.2.3

gnu libtasn1

gnu gnutls 2.12.0

gnu gnutls 1.0.16

gnu gnutls 1.0.17

gnu gnutls 1.0.24

gnu gnutls 1.0.25

gnu gnutls 1.2.0

gnu gnutls 1.2.11

gnu gnutls 1.2.10

gnu gnutls 1.2.8.1a1

gnu gnutls 1.2.8

gnu gnutls 1.3.5

gnu gnutls 2.10.0

gnu gnutls 1.4.5

gnu gnutls 2.10.5

gnu gnutls 1.6.3

gnu gnutls 1.1.13

gnu gnutls 1.7.19

gnu gnutls 2.0.0

gnu gnutls 1.4.3

gnu gnutls 1.5.2

gnu gnutls 2.1.1

gnu gnutls 1.5.5

gnu gnutls 2.1.4

gnu gnutls 1.7.6

gnu gnutls 1.7.7

gnu gnutls 2.12.2

gnu gnutls 2.12.3

gnu gnutls 2.6.4

gnu gnutls 2.6.5

gnu gnutls 3.0.14

gnu gnutls 3.0.12

gnu gnutls 2.12.8

gnu gnutls 2.12.9

gnu gnutls 3.0.3

gnu gnutls 3.0.4

gnu gnutls 2.8.5

gnu gnutls 2.8.6

gnu gnutls 3.0

gnu gnutls 2.12.14

gnu gnutls 2.2.5

gnu gnutls 2.3.6

gnu gnutls 2.3.5

gnu gnutls

Vendor Advisories

Ubuntu Security Notice: libtasn1-3 vulnerability
Libtasn1 could be made to crash or run programs as your login if it received specially crafted input ...
Red Hat: Important: gnutls security update
Synopsis Important: gnutls security update Type/Severity Security Advisory: Important Topic Updated gnutls packages that fix three security issues are now availablefor Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as havingimportant security impact Common Vulnerability ...
Red Hat: Important: rhev-hypervisor6 security and bug fix update
Synopsis Important: rhev-hypervisor6 security and bug fix update Type/Severity Security Advisory: Important Topic An updated rhev-hypervisor6 package that fixes three security issues andone bug is now availableThe Red Hat Security Response Team has rated this update as havingimportant security impact Comm ...
Red Hat: Important: libtasn1 security update
Synopsis Important: libtasn1 security update Type/Severity Security Advisory: Important Topic Updated libtasn1 packages that fix one security issue are now available forRed Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as havingimportant security impact A Common Vulnerabil ...
Debian Security Advisories: DSA-2440-1 libtasn1-3 -- missing bounds check
Matthew Hall discovered that many callers of the asn1_get_length_der function did not check the result against the overall buffer length before processing it further This could result in out-of-bounds memory accesses and application crashes Applications using GNUTLS are exposed to this issue For the stable distribution (squeeze), this problem ha ...
Amazon Linux AMI: ALAS-2012-060
A flaw was found in the way libtasn1 decoded DER data An attacker could create carefully-crafted DER encoded input (such as an X509 certificate) that, when parsed by an application that uses libtasn1 (such as applications using GnuTLS), could cause the application to crash (CVE-2012-1569) ...

References

CWE-189http://www.openwall.com/lists/oss-security/2012/03/20/3http://www.gnu.org/software/gnutls/security.htmlhttp://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53https://bugzilla.redhat.com/show_bug.cgi?id=804920http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/http://www.openwall.com/lists/oss-security/2012/03/21/5http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54http://www.openwall.com/lists/oss-security/2012/03/20/8http://secunia.com/advisories/48596http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.htmlhttp://secunia.com/advisories/48397http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.htmlhttp://secunia.com/advisories/48488http://secunia.com/advisories/50739http://rhn.redhat.com/errata/RHSA-2012-0531.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0488.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.htmlhttp://secunia.com/advisories/57260http://linux.oracle.com/errata/ELSA-2014-0596.htmlhttp://www.securitytracker.com/id?1026829http://secunia.com/advisories/48578http://secunia.com/advisories/48505http://www.ubuntu.com/usn/USN-1436-1http://secunia.com/advisories/49002http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.htmlhttp://www.debian.org/security/2012/dsa-2440http://rhn.redhat.com/errata/RHSA-2012-0427.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:039https://usn.ubuntu.com/1436-1/https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook