CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

EPSS: 0.916 High (Percentile 98.9%)

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12,
as used in GnuTLS before 3.0.16 and other products, does not properly
handle certain large length values, which allows remote attackers to cause
a denial of service (heap memory corruption and application crash) or
possibly have unspecified other impact via a crafted ASN.1 structure.
Author | Note |
---|---|
jdstrand | per Simon Josefsson (upstream), asn1_get_length_der() does not itself have the vulnerability, but that callers wouldn’t check its return code which could cause a DoS. It was deemed easier for asn1_get_length_der() to throw an error rather than changing all callers. archive grep results for asn1_get_length_der(): https://chinstrap.canonical.com/~jamie/libtasn1.log |
mdeslaur | gnutls test: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=88138dc44fc00f2887956d71e0febd2656e1fd9f libtasn test: http://git.savannah.gnu.org/cgit/libtasn1.git/plain/tests/Test_overflow.c |
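
The description and the first note above reduce to two checks: the length decoder must reject a length larger than the remaining buffer, and the caller must test the return code before using it. The following C sketch of both is an added example, not libtasn1 or GnuTLS code; the function names, error codes and the single-octet-tag assumption are hypothetical.

```c
#include <limits.h>
#include <stddef.h>

/* Error codes for this example only (hypothetical, not libtasn1's values). */
enum { DER_ERR_TRUNCATED = -1, DER_ERR_INDEFINITE = -2,
       DER_ERR_TOO_BIG = -3, DER_ERR_OVERRUN = -4 };

/* Decode the length octets at der[0..der_len). Returns the content length and
   stores the number of length octets in *hdr, or returns a negative error. */
long der_read_length(const unsigned char *der, size_t der_len, size_t *hdr)
{
    unsigned long len = 0;
    size_t n, i;

    if (der_len == 0) return DER_ERR_TRUNCATED;
    if (!(der[0] & 0x80)) {                 /* short form: one octet */
        n = 0;
        len = der[0];
    } else {                                /* long form: n length octets */
        n = der[0] & 0x7f;
        if (n == 0) return DER_ERR_INDEFINITE;   /* 0x80 is not valid DER */
        if (n > der_len - 1) return DER_ERR_TRUNCATED;
        for (i = 1; i <= n; i++) {
            if (len > ((unsigned long)LONG_MAX >> 8)) return DER_ERR_TOO_BIG;
            len = (len << 8) | der[i];
        }
    }
    *hdr = 1 + n;
    /* The large-length case: reject a length that points past the buffer. */
    if (len > der_len - *hdr) return DER_ERR_OVERRUN;
    return (long)len;
}

/* Caller: skip a single-octet tag (assumed) and expose the content only if
   the length decoded cleanly. Returns 0 or the negative error code. */
int der_get_content(const unsigned char *tlv, size_t tlv_len,
                    const unsigned char **content, size_t *content_len)
{
    size_t hdr;
    long len;

    if (tlv_len < 1) return DER_ERR_TRUNCATED;
    len = der_read_length(tlv + 1, tlv_len - 1, &hdr);
    if (len < 0) return (int)len;           /* never use an unchecked length */
    *content = tlv + 1 + hdr;
    *content_len = (size_t)len;
    return 0;
}
```
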
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | libtasn1-3 | < 1.1-1ubuntu0.1 | UNKNOWN |
ubuntu | 10.04 | noarch | libtasn1-3 | < 2.4-1ubuntu0.1 | UNKNOWN |
ubuntu | 11.04 | noarch | libtasn1-3 | < 2.7-1ubuntu1.1 | UNKNOWN |
ubuntu | 11.10 | noarch | libtasn1-3 | < 2.9-4ubuntu0.1 | UNKNOWN |
ubuntu | 12.04 | noarch | libtasn1-3 | < 2.10-1ubuntu1.1 | UNKNOWN |
thread.gmane.org/gmane.comp.gnu.libtasn1.general/53
thread.gmane.org/gmane.comp.gnu.libtasn1.general/54
www.openwall.com/lists/oss-security/2012/03/20/8
launchpad.net/bugs/cve/CVE-2012-1569
nvd.nist.gov/vuln/detail/CVE-2012-1569
security-tracker.debian.org/tracker/CVE-2012-1569
ubuntu.com/security/notices/USN-1436-1
www.cve.org/CVERecord?id=CVE-2012-1569