Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-1569

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.

See the

CVE page on Mitre.org for more details.

References

MLIST: [gnutls-devel] 2012031...
MLIST: [help-libtasn1] 201203...
MLIST: [help-libtasn1] 201203...
MLIST: [oss-security] 2012032...
MLIST: [oss-security] 2012032...
MLIST: [oss-security] 2012032...
MISC: http://blog.mudynamics...
CONFIRM: http://www.gnu.org/sof...
CONFIRM: https://bugzilla.redha...
SECUNIA: 48596
BUGTRAQ: 20120320 Mu Dynamics, ...
FEDORA: FEDORA-2012-4409
FEDORA: FEDORA-2012-4451
SECUNIA: 48488
SECUNIA: 48397
SECUNIA: 50739
REDHAT: RHSA-2012:0488
REDHAT: RHSA-2012:0531
SUSE: SUSE-SU-2014:0320
SECUNIA: 57260
CONFIRM: http://linux.oracle.co...
SECTRACK: 1026829
SECUNIA: 48505
SECUNIA: 48578
UBUNTU: USN-1436-1
SECUNIA: 49002
FEDORA: FEDORA-2012-4308
FEDORA: FEDORA-2012-4342
FEDORA: FEDORA-2012-4357
FEDORA: FEDORA-2012-4417
DEBIAN: DSA-2440
REDHAT: RHSA-2012:0427
MANDRIVA: MDVSA-2012:039

Launchpad.net

CVE 2012-1569

Related bugs

References