The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
References
Link Providers
http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html cve-icon cve-icon
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932 cve-icon cve-icon
http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53 cve-icon cve-icon
http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54 cve-icon cve-icon
http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/ cve-icon cve-icon
http://linux.oracle.com/errata/ELSA-2014-0596.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0427.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0488.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0531.html cve-icon cve-icon
http://secunia.com/advisories/48397 cve-icon cve-icon
http://secunia.com/advisories/48488 cve-icon cve-icon
http://secunia.com/advisories/48505 cve-icon cve-icon
http://secunia.com/advisories/48578 cve-icon cve-icon
http://secunia.com/advisories/48596 cve-icon cve-icon
http://secunia.com/advisories/49002 cve-icon cve-icon
http://secunia.com/advisories/50739 cve-icon cve-icon
http://secunia.com/advisories/57260 cve-icon cve-icon
http://www.debian.org/security/2012/dsa-2440 cve-icon cve-icon
http://www.gnu.org/software/gnutls/security.html cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2012:039 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2012/03/20/3 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2012/03/20/8 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2012/03/21/5 cve-icon cve-icon
http://www.securitytracker.com/id?1026829 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-1436-1 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=804920 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2012-1569 cve-icon
https://www.cve.org/CVERecord?id=CVE-2012-1569 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-03-26T19:00:00

Updated: 2024-08-06T19:01:02.196Z

Reserved: 2012-03-12T00:00:00

Link: CVE-2012-1569

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-03-26T19:55:01.110

Modified: 2024-11-21T01:37:13.643

Link: CVE-2012-1569

cve-icon Redhat

Severity : Important

Publid Date: 2012-03-19T00:00:00Z

Links: CVE-2012-1569 - Bugzilla