SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2012-1569

Date: (C)2012-03-26 (M)2023-12-22

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL

Reference:

SECTRACK-1026829

http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html

FEDORA-2012-4308

FEDORA-2012-4342

FEDORA-2012-4357

FEDORA-2012-4409

FEDORA-2012-4417

FEDORA-2012-4451

SUSE-SU-2014:0320

http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932

http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53

http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54

http://www.openwall.com/lists/oss-security/2012/03/20/3

http://www.openwall.com/lists/oss-security/2012/03/20/8

http://www.openwall.com/lists/oss-security/2012/03/21/5

http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/

http://linux.oracle.com/errata/ELSA-2014-0596.html

http://www.gnu.org/software/gnutls/security.html

https://bugzilla.redhat.com/show_bug.cgi?id=804920

CPE 221

cpe:/a:gnu:gnutls:1.0.24
cpe:/a:gnu:gnutls:1.0.25
cpe:/a:gnu:gnutls:1.0.20
cpe:/a:gnu:gnutls:1.0.21
...

oval:org.secpod.oval:def:1601282
oval:org.secpod.oval:def:700848
oval:org.secpod.oval:def:103591
oval:org.secpod.oval:def:103543
...

© SecPod Technologies