GNU Libtasn1

By the Year

In 2024 there have been 0 vulnerabilities in GNU Libtasn1. Libtasn1 did not have any published security vulnerabilities last year.

Year | Vulnerabilities | Average Score
2024 | 0 | 0.00
2023 | 0 | 0.00
2022 | 1 | 9.10
2021 | 0 | 0.00
2020 | 0 | 0.00
2019 | 0 | 0.00
2018 | 2 | 6.50

It may take a day or so for new Libtasn1 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent GNU Libtasn1 Security Vulnerabilities

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check

CVE-2021-46848 9.1 - Critical - October 24, 2022

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.

off-by-five

GNU Libtasn1 libtasn1-4.13 and libtasn1-4.12 contain a DoS in _asn1_expand_object_id

CVE-2018-1000654 5.5 - Medium - August 20, 2018

GNU Libtasn1 versions libtasn1-4.13 and libtasn1-4.12 contain a DoS: CPU usage reaches 100% when running asn1Parser against the POC, due to an issue in _asn1_expand_object_id(p_tree), and after a long time the program is killed. This attack appears to be exploitable via parsing a crafted file.

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13

CVE-2018-6003 7.5 - High - January 22, 2018

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.

Stack Exhaustion

The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input

CVE-2017-10790 7.5 - High - July 02, 2017

The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.

NULL Pointer Dereference

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stack-based buffer overflow by tricking a user into processing a specially crafted assignments file

CVE-2017-6891 8.8 - High - May 22, 2017

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stack-based buffer overflow by tricking a user into processing a specially crafted assignments file via, e.g., the asn1Coding utility.

Memory Corruption
