5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.916 High
EPSS
Percentile
98.9%
Mu Dynamics, Inc. reports:
Various functions using the ASN.1 length decoding logic in
Libtasn1 were incorrectly assuming that the return value from
asn1_get_length_der is always less than the length of the
enclosing ASN.1 structure, which is only true for valid
structures and not for intentionally corrupt or otherwise
buggy structures.