CVE-2015-2806
Published 2015-04-10
CVE-2015-2806: Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
Priority P3 · 51 · critical · 10 (CVSS 2.0)
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 7.80% (93.9th percentile)
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | libtasn1-6 | < libtasn1-6 4.2-3 (bookworm) | libtasn1-6 4.2-3 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| gnu | libtasn1 | <= 4.3 | — |
CVSS provenance
nvd · v2.0 · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
osv · 10.0 · CRITICAL
vendor_debian · 10.0 · CRITICAL
vendor_redhat · 10.0 · CRITICAL
GHSA
GHSA-72cq-2586-ch4w: Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4
ghsa_unreviewed·2022-05-14
CVE-2015-2806 [HIGH] CWE-119 GHSA-72cq-2586-ch4w: Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
OSV
CVE-2015-2806: Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4
osv·2015-04-10·CVSS 10.0
CVE-2015-2806 [CRITICAL] CVE-2015-2806: Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
Ubuntu
Libtasn1 vulnerability
vendor_ubuntu·2015-04-08
CVE-2015-2806 Libtasn1 vulnerability
Title: Libtasn1 vulnerability
Summary: Libtasn1 could be made to crash or run programs if it processed specially
crafted data.
Hanno Böck discovered that Libtasn1 incorrectly handled certain ASN.1 data.
A remote attacker could possibly exploit this with specially crafted ASN.1
data and cause applications using Libtasn1 to crash, resulting in a denial
of service, or possibly execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libtasn1: stack overflow in asn1_der_decoding
vendor_redhat·2015-03-26·CVSS 10.0
CVE-2015-2806 [CRITICAL] libtasn1: stack overflow in asn1_der_decoding
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
A stack-based buffer overflow was found in the way libtasn1 decoded certain DER encoded data. An attacker could use this flaw to crash an application using the libtasn1 library.
Package: libtasn1 (Red Hat Enterprise Linux 6) - Will not fix
Package: mingw-virt-viewer (Red Hat Enterprise Virtualization 3) - Fix deferred
Debian
CVE-2015-2806: libtasn1-6 - Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows r...
vendor_debian·2015·CVSS 10.0
CVE-2015-2806 [CRITICAL] CVE-2015-2806: libtasn1-6 - Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows r...
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
Scope: local
bookworm: resolved (fixed in 4.2-3)
bullseye: resolved (fixed in 4.2-3)
forky: resolved (fixed in 4.2-3)
sid: resolved (fixed in 4.2-3)
trixie: resolved (fixed in 4.2-3)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-2806 libtasn1: stack overflow in asn1_der_decoding
bugzilla·2015-03-30·CVSS 10.0
CVE-2015-2806 [CRITICAL] CVE-2015-2806 libtasn1: stack overflow in asn1_der_decoding
From http://lists.gnu.org/archive/html/help-libtasn1/2015-03/msg00002.html:
GNU Libtasn1 is a standalone library written in C for manipulating ASN.1
objects including DER/BER encoding/decoding. GNU Libtasn1 is used by
GnuTLS to handle X.509 structures and by GNU Shishi to handle Kerberos
V5 structures.
* Noteworthy changes in release 4.4 (released 2015-03-29) [stable]
- Corrected a two-byte stack overflow in asn1_der_decoding. Reported
by Hanno Böck.
Exact commit that fixes this:
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149
CVE request: http://seclists.org/oss-sec/2015/q1/1038
Discussion:
Created libtasn1 tracking bugs for this issue:
Affects: fedora-all [bug 120719
arXiv
Vital: Vulnerability-Oriented Symbolic Execution via Type-Unsafe Pointer-Guided Monte Carlo Tree Search
arxiv_fulltext·2025-12-12
Haoxin Tu (Singapore Management University, Singapore), Lingxiao Jiang (Singapore Management University, Singapore), Marcel Böhme (Max Planck Institute for Security and Privacy, Germany)
Partial work was done when Haoxin was visiting the MPI Software Security Group led by Prof. Marcel Böhme.
## Abstract
How do we find new memory safety bugs effectively when navigating a symbolic execution tree that suffers from the well-known path explosion challenge?
Existing solutions either adopt path search heuristics to maximize coverage rate or chopped symbolic execution to skip uninteresting code
References
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=4d4f992826a4962790ecd0cce6fbba4a415ce149
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154741.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154805.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155117.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155270.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155435.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155483.html
http://www.debian.org/security/2015/dsa-3220
http://www.mandriva.com/security/advisories?name=MDVSA-2015:193
http://www.openwall.com/lists/oss-security/2015/03/29/4
http://www.openwall.com/lists/oss-security/2015/03/31/2
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/73436
http://www.securitytracker.com/id/1032080
http://www.ubuntu.com/usn/USN-2559-1
https://access.redhat.com/errata/RHSA-2017:1860
https://security.gentoo.org/glsa/201509-04