Published: 03/12/2019 Updated: 04/12/2019

Vulnerability Summary

The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS up to and including 2.1.5 has a Buffer Overflow that allows remote malicious users to cause a denial of service (memory and CPU consumption) via a crafted certificate in the TLS certificate handshake message, because the result of get_asn1_length() is not checked for a minimum or maximum size.
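The missing check described above, as an added C example that is not axTLS code or the project's fix: a DER length is validated against the remaining input and against a minimum and maximum before the X.509 signature BIT STRING is copied. The names der_length and read_signature and the SIG_MIN_LEN/SIG_MAX_LEN bounds are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SIG_MIN_LEN 1u     /* assumed policy: signature must not be empty */
#define SIG_MAX_LEN 1024u  /* assumed policy: room for an 8192-bit RSA signature */

/* Decode a DER length at buf[*off]. Returns 0 on success, -1 on malformed
 * or truncated input. Never reads at or past buf[len]. */
static int der_length(const uint8_t *buf, size_t len, size_t *off, size_t *out)
{
    if (*off >= len) return -1;
    uint8_t b = buf[(*off)++];
    if (!(b & 0x80)) { *out = b; return 0; }          /* short form */
    size_t n = b & 0x7f;                              /* count of length octets */
    if (n == 0 || n > 4 || n > len - *off) return -1; /* indefinite, huge, truncated */
    size_t v = 0;
    for (size_t i = 0; i < n; i++) v = (v << 8) | buf[(*off)++];
    *out = v;
    return 0;
}

/* Copy the signature out of the BIT STRING TLV starting at buf[*off].
 * Returns the signature length, or -1 if any check fails. */
static long read_signature(const uint8_t *buf, size_t len, size_t *off,
                           uint8_t *sig, size_t sig_cap)
{
    size_t l;
    if (*off >= len || buf[(*off)++] != 0x03) return -1; /* BIT STRING tag */
    if (der_length(buf, len, off, &l) != 0) return -1;
    if (l < 1 || l > len - *off) return -1;   /* value must fit in remaining input */
    if (buf[(*off)++] != 0x00) return -1;     /* unused-bits octet must be 0 */
    l--;                                      /* signature bytes follow that octet */
    if (l < SIG_MIN_LEN || l > SIG_MAX_LEN || l > sig_cap) return -1;
    memcpy(sig, buf + *off, l);
    *off += l;
    return (long)l;
}
```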

Mailing Lists

Hi all, Two Denial-of-Service vulnerabilities were found in the axTLS library (axtls.sourceforge.net/). Both vulnerabilities were addressed to the project maintainer in a responsible disclosure. Because the initial deadline was prolonged a few times to fix the issues, but we didn't receive any feedback since June, the vulnerability detai ...