exploit the possibilities
Showing 1 - 25 of 47 RSS Feed

Files

libtasn1 Heap Overflow
Posted May 1, 2015
Authored by Hanno Boeck | Site hboeck.de

Fuzzing GnuTLS, it was discovered that a malformed certificate input sample would cause a heap overflow read of 99 bytes in the DER decoding functions of Libtasn1. The heap overflow happens in the function _asn1_extract_der_octet().

tags | advisory, overflow
MD5 | 1efcb67683ea76bca3f30eb9e4cc0311

Related Files

Debian Security Advisory 4106-1
Posted Feb 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4106-1 - Two vulnerabilities were discovered in Libtasn1, a library to manage ASN.1 structures, allowing a remote attacker to cause a denial of service against an application using the Libtasn1 library.

tags | advisory, remote, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2017-10790, CVE-2018-6003
MD5 | 59b81c16b6973dde15225d9c0c8a9a19
Ubuntu Security Notice USN-3547-1
Posted Jan 25, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3547-1 - It was discovered that Libtasn1 incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that Libtasn1 incorrectly handled certain inputs. An attacker could possibly use this to cause Libtasn1 to hang, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-10790, CVE-2018-6003
MD5 | f03cb026d4c3bae88271577c36f63c20
Gentoo Linux Security Advisory 201710-11
Posted Oct 13, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201710-11 - Multiple vulnerabilities have been found in GNU Libtasn1, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 4.12-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-10790, CVE-2017-6891
MD5 | fc81a9e6076f555809fe9461323ebf2f
Red Hat Security Advisory 2017-1860-01
Posted Aug 1, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1860-01 - Libtasn1 is a library that provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. The following packages have been upgraded to a later upstream version: libtasn1. Security Fix: A heap-based buffer overflow flaw was found in the way the libtasn1 library decoded certain DER-encoded inputs. A specially crafted DER-encoded input could cause an application using libtasn1 to perform an invalid read, causing the application to crash.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2015-2806, CVE-2015-3622
MD5 | e27343f43d2d2693066629e5b9dfaf55
Debian Security Advisory 3861-1
Posted May 26, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3861-1 - Jakub Jirasek of Secunia Research discovered that libtasn1, a library used to handle Abstract Syntax Notation One structures, did not properly validate its input. This would allow an attacker to cause a crash by denial-of-service, or potentially execute arbitrary code, by tricking a user into processing a maliciously crafted assignments file.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2017-6891
MD5 | 788c0ad49d20fd8197c64ffb108a18ec
Gentoo Linux Security Advisory 201703-05
Posted Mar 28, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201703-5 - A vulnerability in Libtasn1 allows remote attackers to cause a Denial of Service condition. Versions less than 4.8 are affected.

tags | advisory, remote, denial of service
systems | linux, gentoo
advisories | CVE-2016-4008
MD5 | 998d82bef2b8ec23bbec3a93dbb53304
Debian Security Advisory 3568-1
Posted May 5, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3568-1 - Pascal Cuoq and Miod Vallat discovered that Libtasn1, a library to manage ASN.1 structures, does not correctly handle certain malformed DER certificates. A remote attacker can take advantage of this flaw to cause an application using the Libtasn1 library to hang, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2016-4008
MD5 | 6d9c48ac10aa1885c8c79f14fe73a40f
Ubuntu Security Notice USN-2957-2
Posted May 2, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2957-2 - USN-2957-1 fixed a vulnerability in Libtasn1. This update provides the corresponding update for Ubuntu 16.04 LTS. Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-4008
MD5 | 7c4d43bc8753e7b5d46d617f064946c3
Ubuntu Security Notice USN-2957-1
Posted May 2, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2957-1 - Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled certain malformed DER certificates. A remote attacker could possibly use this issue to cause applications using Libtasn1 to hang, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-4008
MD5 | fbd4f04ae892225bee3faadd8633f485
Gentoo Linux Security Advisory 201509-04
Posted Sep 25, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201509-4 - Multiple vulnerabilities have been found in libtasn1, the worst of which could lead to arbitrary code execution. Versions less than 1.4.5 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2015-2806, CVE-2015-3622
MD5 | 4896b09d777fd40d5e21eb6e77ec8610
Debian Security Advisory 3256-1
Posted May 11, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3256-1 - Hanno Boeck discovered a heap-based buffer overflow flaw in the way Libtasn1, a library to manage ASN.1 structures, decoded certain DER-encoded input. A specially crafted DER-encoded input could cause an application using the Libtasn1 library to crash, or potentially to execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2015-3622
MD5 | a3df498e7c1f4b9ec845b3228ea472db
Ubuntu Security Notice USN-2604-1
Posted May 11, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2604-1 - Hanno B=C3=B6ck discovered that Libtasn1 incorrectly handled certain ASN.1 data. A remote attacker could possibly exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-3622
MD5 | 3e6bffa7ff816d03af1e4d9f9ef5e1d3
Mandriva Linux Security Advisory 2015-232
Posted May 8, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-232 - A malformed certificate input could cause a heap overflow read in the DER decoding functions of Libtasn1. The heap overflow happens in the function _asn1_extract_der_octet().

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2015-3622
MD5 | 9cc5d634f8aedf68df7ebf7771bcc282
Debian Security Advisory 3220-1
Posted Apr 13, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3220-1 - Hanno Boeck discovered a stack-based buffer overflow in the asn1_der_decoding function in Libtasn1, a library to manage ASN.1 structures. A remote attacker could take advantage of this flaw to cause an application using the Libtasn1 library to crash, or potentially to execute arbitrary code.

tags | advisory, remote, overflow, arbitrary
systems | linux, debian
advisories | CVE-2015-2806
MD5 | e2382382ce327982baafc3b440a0b1cb
Ubuntu Security Notice USN-2559-1
Posted Apr 8, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2559-1 - Hanno Boeck discovered that Libtasn1 incorrectly handled certain ASN.1 data. A remote attacker could possibly exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-2806
MD5 | a4d5b8f49577277ba82bf1cbe31c290c
Mandriva Linux Security Advisory 2015-193
Posted Apr 7, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-193 - The libtasn1 library before version 4.4 is vulnerable to a two-byte stack overflow in asn1_der_decoding.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2015-2806
MD5 | 4d2deee202952c198056d9cc6d459ad2
libtasn1 Stack Write Overflow
Posted Mar 30, 2015
Authored by Hanno Boeck | Site hboeck.de

Fuzzing libtasn1 led to the discovery of a stack write overflow in the function _asn1_ltostr (file parser_aux.c). It overflows a temporary buffer variable on certain inputs.

tags | advisory, overflow
MD5 | 3e26f04e6b86ede33eb62fb437cb37d5
Mandriva Linux Security Advisory 2015-116
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-116 - Multiple buffer boundary check issues were discovered in libtasn1 library, causing it to read beyond the boundary of an allocated buffer. An untrusted ASN.1 input could cause an application using the library to crash. It was discovered that libtasn1 library function asn1_get_bit_der() could incorrectly report negative bit length of the value read from ASN.1 input. This could possibly lead to an out of bounds access in an application using libtasn1, for example in case if application tried to terminate read value with NUL byte. A NULL pointer dereference flaw was found in libtasn1's asn1_read_value_type() / asn1_read_value() function. If an application called the function with a NULL value for an ivalue argument to determine the amount of memory needed to store data to be read from the ASN.1 input, libtasn1 could incorrectly attempt to dereference the NULL pointer, causing an application using the library to crash.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
MD5 | 82185e4d2aa9ee226c35c58aa7ed3eea
Red Hat Security Advisory 2014-1846-01
Posted Nov 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1846-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC certificates or certificate signing requests. A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS, could cause that application to crash or execute arbitrary code with the permissions of the user running the application.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2014-8564
MD5 | 4ca60d6b4ddb83e3efe5663b6fec6aa8
Debian Security Advisory 3056-1
Posted Oct 27, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3056-1 - Several vulnerabilities were discovered in libtasn1-3, a library that manages ASN1 (Abstract Syntax Notation One) structures. An attacker could use those to cause a denial-of-service via out-of-bounds access or NULL pointer dereference.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
MD5 | 28a0b7214968a6bd6620b990c4be51f5
Gentoo Linux Security Advisory 201408-09
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-9 - Multiple vulnerabilities have been discovered in GNU Libtasn1, the worse of which can allow a context-dependent attacker to cause a Denial of Service condition. Versions less than 3.6 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
MD5 | 83ceca25a5a017c52a6e0fe384018509
Ubuntu Security Notice USN-2294-1
Posted Jul 22, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2294-1 - It was discovered that Libtasn1 incorrectly handled certain ASN.1 data structures. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service. It was discovered that Libtasn1 incorrectly handled negative bit lengths. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
MD5 | 6eabf0eb3b4fb112f11533d8dd59f4d2
Red Hat Security Advisory 2014-0687-01
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0687-01 - The libtasn1 library provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. It was discovered that the asn1_get_bit_der() function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data. Specially crafted ASN.1 input could cause an application using libtasn1 to perform an out-of-bounds access operation, causing the application to crash or, possibly, execute arbitrary code. Multiple incorrect buffer boundary check issues were discovered in libtasn1. Specially crafted ASN.1 input could cause an application using libtasn1 to crash.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
MD5 | 63b38e5384484ef3dd697856040c95c8
Mandriva Linux Security Advisory 2014-107
Posted Jun 10, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-107 - Multiple buffer boundary check issues were discovered in libtasn1 library, causing it to read beyond the boundary of an allocated buffer. An untrusted ASN.1 input could cause an application using the library to crash. It was discovered that libtasn1 library function asn1_get_bit_der() could incorrectly report negative bit length of the value read from ASN.1 input. This could possibly lead to an out of bounds access in an application using libtasn1, for example in case if application tried to terminate read value with NUL byte. A NULL pointer dereference flaw was found in libtasn1's asn1_read_value_type() / asn1_read_value() function. If an application called the function with a NULL value for an ivalue argument to determine the amount of memory needed to store data to be read from the ASN.1 input, libtasn1 could incorrectly attempt to dereference the NULL pointer, causing an application using the library to crash. The packages for mes5 have been patched to correct these issues and the packages for mbs1 have been upgraded to the 3.6 version where these issues has been fixed.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
MD5 | a21b623b750706c1195ebe22bd1bd8b8
Slackware Security Advisory - libtasn1 Updates
Posted Jun 6, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libtasn1 packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
MD5 | cb759a6ed53d1364ad434d572e3c32cb
Page 1 of 2
Back12Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    7 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close