CVE-2012-1569 Information
Description
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
Reference
http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932
http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53
http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54
http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/
http://linux.oracle.com/errata/ELSA-2014-0596.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
http://rhn.redhat.com/errata/RHSA-2012-0427.html
http://rhn.redhat.com/errata/RHSA-2012-0488.html
http://rhn.redhat.com/errata/RHSA-2012-0531.html
http://secunia.com/advisories/48397
http://secunia.com/advisories/48488
http://secunia.com/advisories/48505
http://secunia.com/advisories/48578
http://secunia.com/advisories/48596
http://secunia.com/advisories/49002
http://secunia.com/advisories/50739
http://secunia.com/advisories/57260
http://www.debian.org/security/2012/dsa-2440
http://www.gnu.org/software/gnutls/security.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:039
http://www.openwall.com/lists/oss-security/2012/03/20/3
http://www.openwall.com/lists/oss-security/2012/03/20/8
http://www.openwall.com/lists/oss-security/2012/03/21/5
http://www.securitytracker.com/id?1026829
http://www.ubuntu.com/usn/USN-1436-1
https://bugzilla.redhat.com/show_bug.cgi?id=804920