CVE-2012-1569

CWE-1897 documents6 sources

Severity

5.0MEDIUM

EPSS

10.2%

top 6.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Gnutls GNU Libtasn1

Timeline

PublishedMar 26

Latest updateMay 14

Description

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDgnu/gnutls3.0.15+166

▶NVDgnu/libtasn12.11+53

Patches

Patch: article.gmane.org ↗Patch: article.gmane.org ↗

🔴Vulnerability Details

GHSA

GHSA-jcv4-2hjq-vv2c: The asn1_get_length_der function in decoding↗2022-05-14

▶

CVEList

CVE-2012-1569: The asn1_get_length_der function in decoding↗2012-03-26

▶

📋Vendor Advisories

Ubuntu

Libtasn1 vulnerability↗2012-05-02

▶

Red Hat

libtasn1: DER decoding buffer overflow (GNUTLS-SA-2012-3, MU-201202-02)↗2012-03-19

▶

💬Community

Bugzilla

CVE-2012-1569 mingw32-gnutls: libtasn1: DER decoding buffer overflow [fedora-all]↗2012-03-21

▶

Bugzilla

CVE-2012-1569 libtasn1: DER decoding buffer overflow (GNUTLS-SA-2012-3, MU-201202-02)↗2012-03-20

▶