Vulnerability in Gnu Gnutls
CVE-2012-1569
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of servic…
EPSS: 0.102 (93.3th percentile) — read the EPSS interpretation.
Affected products
- Gnu Gnutls — versions 1.0.16, 1.0.17, 1.0.18
- Gnu Libtasn1 — versions 0.1.0, 0.1.1, 0.1.2
- N/a — versions n/a
Weakness classification (CWE)
References
- 57260 (x_refsource_SECUNIA, third-party-advisory)
- RHSA-2012:0427 (x_refsource_REDHAT, vendor-advisory)
- 48578 (x_refsource_SECUNIA, third-party-advisory)
- RHSA-2012:0531 (x_refsource_REDHAT, vendor-advisory)
- 49002 (x_refsource_SECUNIA, third-party-advisory)
- FEDORA-2012-4357 (x_refsource_FEDORA, vendor-advisory)
- [oss-security] 20120320 Re: CVE request: libtasn1 "asn1_get_length_der()" DER decoding issue (mailing-list, x_refsource_MLIST)
- [oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01 (mailing-list, x_refsource_MLIST)
- 48488 (x_refsource_SECUNIA, third-party-advisory)
- USN-1436-1 (x_refsource_UBUNTU, vendor-advisory)