
CVE-2015-3622
Date: (C)2015-05-27   (M)2023-12-22


The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1032246
http://seclists.org/fulldisclosure/2015/Apr/109
BID-74419
DSA-3256
FEDORA-2015-7288
GLSA-201509-04
MDVSA-2015:232
RHSA-2017:1860
USN-2604-1
https://lists.gnu.org/archive/html/help-libtasn1/2015-04/msg00000.html
http://packetstormsecurity.com/files/131711/libtasn1-Heap-Overflow.html
openSUSE-SU-2015:1372
openSUSE-SU-2016:1567
openSUSE-SU-2016:1674

CPE    2
cpe:/o:fedoraproject:fedora:21
cpe:/a:gnu:libtasn1
CWE    1
CWE-119
OVAL    8
oval:org.secpod.oval:def:89045231
oval:org.secpod.oval:def:204595
oval:org.secpod.oval:def:702555
oval:org.secpod.oval:def:108873
...

© SecPod Technologies