CVE-2015-3622

Опубликовано: 12 мая 2015

Источник: debian

EPSS Низкий

Описание

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libtasn1-6	fixed	4.4-3		package
libtasn1-3	not-affected			package

Примечания

https://blog.fuzzing-project.org/9-Heap-overflow-invalid-read-in-Libtasn1-TFPA-0052015.html
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=f979435823a02f842c41d49cd41cc81f25b5d677
Introduced by http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=609d5c1366fb424f6150c4eed358d246e61cf204 (libtasn1_3_6)
DECR_LEN introduced in http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=154909136c12cfa5c60732b7210827dfb1ec6aee (libtasn1_3_6)

EPSS

Процентиль: 90%

0.06062

Низкий

Связанные уязвимости

CVE-2015-3622

ubuntu

больше 10 лет назад

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

CVE-2015-3622

CVSS3: 5.9

redhat

больше 10 лет назад

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

CVE-2015-3622

nvd

больше 10 лет назад

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

GHSA-359p-x9w8-8g33

github

больше 3 лет назад

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

openSUSE-SU-2016:1674-1

suse-cvrf

больше 9 лет назад

Security update for libtasn1

EPSS

Процентиль: 90%

0.06062

Низкий