Podatność CVE-2012-1569
Publikacja: 2012-03-26

Opis:
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.

Typ:

CWE-189

 (Numeric Errors)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
5/10
2.9/10
10/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Niska
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Brak
Brak
Częściowy
Affected software
GNU -> Gnutls 
GNU -> Libtasn1 

 Referencje:
http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932
http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53
http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54
http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/
http://linux.oracle.com/errata/ELSA-2014-0596.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
http://rhn.redhat.com/errata/RHSA-2012-0427.html
http://rhn.redhat.com/errata/RHSA-2012-0488.html
http://rhn.redhat.com/errata/RHSA-2012-0531.html
http://secunia.com/advisories/48505
http://secunia.com/advisories/48578
http://secunia.com/advisories/49002
http://www.debian.org/security/2012/dsa-2440
http://www.gnu.org/software/gnutls/security.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:039
http://www.openwall.com/lists/oss-security/2012/03/20/3
http://www.openwall.com/lists/oss-security/2012/03/20/8
http://www.openwall.com/lists/oss-security/2012/03/21/5
http://www.securitytracker.com/id?1026829
http://www.ubuntu.com/usn/USN-1436-1
https://bugzilla.redhat.com/show_bug.cgi?id=804920
Copyright 2024, cxsecurity.com

 

Back to Top