The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
archives.neohapsis.com/archives/bugtraq/2012-03/0099.html
article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932
article.gmane.org/gmane.comp.gnu.libtasn1.general/53
article.gmane.org/gmane.comp.gnu.libtasn1.general/54
blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/
linux.oracle.com/errata/ELSA-2014-0596.html
lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
rhn.redhat.com/errata/RHSA-2012-0427.html
rhn.redhat.com/errata/RHSA-2012-0488.html
rhn.redhat.com/errata/RHSA-2012-0531.html
secunia.com/advisories/48397
secunia.com/advisories/48488
secunia.com/advisories/48505
secunia.com/advisories/48578
secunia.com/advisories/48596
secunia.com/advisories/49002
secunia.com/advisories/50739
secunia.com/advisories/57260
www.debian.org/security/2012/dsa-2440
www.gnu.org/software/gnutls/security.html
www.mandriva.com/security/advisories?name=MDVSA-2012:039
www.openwall.com/lists/oss-security/2012/03/20/3
www.openwall.com/lists/oss-security/2012/03/20/8
www.openwall.com/lists/oss-security/2012/03/21/5
www.securitytracker.com/id?1026829
www.ubuntu.com/usn/USN-1436-1
bugzilla.redhat.com/show_bug.cgi?id=804920
lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html
lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html
lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html
lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html
lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html
lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html
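
The summary above describes a DER length decoder that mishandles large length values. As an added illustration (not libtasn1's code and not its actual patch), the sketch below shows the checks a defensive length decoder applies before any caller uses the decoded value; the function name `der_read_length`, the error codes and the sample buffers are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum { DER_OK = 0, DER_ERR_TRUNCATED = -1, DER_ERR_INDEFINITE = -2,
       DER_ERR_OVERFLOW = -3, DER_ERR_TOO_LONG = -4 };
/* Hypothetical helper, not libtasn1's API: decode the length field at the
 * start of der[0..der_len) and confirm the declared content fits after it. */
int der_read_length(const unsigned char *der, size_t der_len,
                    size_t *hdr_len, size_t *content_len)
{
    size_t len = 0, used = 1;
    if (der == NULL || der_len == 0)
        return DER_ERR_TRUNCATED;
    if (der[0] == 0x80)                  /* indefinite form is not valid DER */
        return DER_ERR_INDEFINITE;
    if (der[0] < 0x80) {                 /* short form: 0..127 */
        len = der[0];
    } else {                             /* long form: n big-endian bytes */
        size_t n = der[0] & 0x7f;
        if (n > der_len - 1)
            return DER_ERR_TRUNCATED;
        for (size_t i = 0; i < n; i++) {
            if (len > (SIZE_MAX >> 8))   /* next shift would lose high bits */
                return DER_ERR_OVERFLOW;
            len = (len << 8) | der[1 + i];
        }
        used += n;
    }
    /* Large-length check, written as a subtraction so that used + len is
     * never computed and cannot wrap. */
    if (len > der_len - used)
        return DER_ERR_TOO_LONG;
    *hdr_len = used;
    *content_len = len;
    return DER_OK;
}

/* Constructed sample inputs (length field first, tag byte omitted). */
static const unsigned char ok_short[] = { 0x03, 'a', 'b', 'c' };
static const unsigned char too_long[] = { 0x84, 0xff, 0xff, 0xff, 0xff, 0x00 };
static const unsigned char overflow[] = { 0x89, 1, 0, 0, 0, 0, 0, 0, 0, 0 };

int main(void)
{
    size_t h = 0, c = 0;
    printf("%d\n", der_read_length(ok_short, sizeof ok_short, &h, &c));
    printf("%d\n", der_read_length(too_long, sizeof too_long, &h, &c));
    printf("%d\n", der_read_length(overflow, sizeof overflow, &h, &c));
}
```

The decoder rejects the input when the declared length exceeds the bytes remaining, so callers never index or copy past the buffer on the strength of an attacker-supplied length.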