CVE-2015-3622
published 2015-05-12
CVE-2015-3622: The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap…
Priority P4 · 32 · medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS 33.09% · 98.2th percentile
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libtasn1-6 | < libtasn1-6 4.4-3 (bookworm) | libtasn1-6 4.4-3 (bookworm) |
| fedoraproject | fedora | — | — |
| gnu | libtasn1 | <= 4.4 | — |
| opensuse | opensuse | — | — |
CVSS provenance
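| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |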
Ubuntu
Libtasn1 vulnerability
vendor_ubuntu·2015-05-11
CVE-2015-3622 Libtasn1 vulnerability
Title: Libtasn1 vulnerability
Summary: Libtasn1 could be made to crash or run programs if it processed specially
crafted data.
Hanno Böck discovered that Libtasn1 incorrectly handled certain ASN.1 data.
A remote attacker could possibly exploit this with specially crafted ASN.1
data and cause applications using Libtasn1 to crash, resulting in a denial
of service, or possibly execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libtasn1: heap overflow flaw in _asn1_extract_der_octet()
vendor_redhat·2015-04-30·CVSS 4.3
CVE-2015-3622 [MEDIUM] CWE-122 libtasn1: heap overflow flaw in _asn1_extract_der_octet()
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
A heap-based buffer overflow flaw was found in the way the libtasn1 library decoded certain DER-encoded inputs. A specially crafted DER-encoded input could cause an application using libtasn1 to perform an invalid read, causing the application to crash.
Package: libtasn1 (Red Hat Enterprise Linux 6) - Will not fix
Package: mingw-virt-viewer (Red Hat Enterprise Virtualization 3) - Fix deferred
Debian
CVE-2015-3622: libtasn1-6 - The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4....
vendor_debian·2015·CVSS 4.3
CVE-2015-3622 [MEDIUM] CVE-2015-3622: libtasn1-6 - The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4....
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
Scope: local
bookworm: resolved (fixed in 4.4-3)
bullseye: resolved (fixed in 4.4-3)
forky: resolved (fixed in 4.4-3)
sid: resolved (fixed in 4.4-3)
trixie: resolved (fixed in 4.4-3)
GHSA
GHSA-359p-x9w8-8g33: The _asn1_extract_der_octet function in lib/decoding
ghsa_unreviewed·2022-05-14
CVE-2015-3622 [MEDIUM] CWE-119 GHSA-359p-x9w8-8g33: The _asn1_extract_der_octet function in lib/decoding
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
OSV
CVE-2015-3622: The _asn1_extract_der_octet function in lib/decoding
osv·2015-05-12·CVSS 4.3
CVE-2015-3622 [MEDIUM] CVE-2015-3622: The _asn1_extract_der_octet function in lib/decoding
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-3622 libtasn1: heap overflow flaw in _asn1_extract_der_octet()
bugzilla·2015-05-04·CVSS 4.3
CVE-2015-3622 [MEDIUM] CVE-2015-3622 libtasn1: heap overflow flaw in _asn1_extract_der_octet()
A heap-based buffer overflow flaw was found in the way the libtasn1 library decoded certain DER-encoded input. A specially crafted, DER-encoded input could cause an application using libtasn1 to perform an invalid read, causing the application to crash.
Upstream patch:
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=f979435823a02f842c41d49cd41cc81f25b5d677
Discussion:
Reproducer:
https://crashes.fuzzing-project.org/TFPA-2015-005-libtasn1-4.4-heap-overflow.crt
Sample malformed certificate exposing heap overflow (test with certtool -i --inder --infile=[sample] and address sanitizer or valgrind)
---
Created libtasn1 tracking bugs for this issue:
Affects: fedora-all [bug 1218142]
---
Created m
Bugzilla
CVE-2015-3622 mingw-libtasn1: libtasn1: heap overflow flaw in _asn1_extract_der_octet() [epel-7]
bugzilla·2015-05-04·CVSS 4.3
CVE-2015-3622 [MEDIUM] CVE-2015-3622 mingw-libtasn1: libtasn1: heap overflow flaw in _asn1_extract_der_octet() [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for mingw-li
Bugzilla
CVE-2015-3622 mingw-libtasn1: libtasn1: heap overflow flaw in _asn1_extract_der_octet() [fedora-all]
bugzilla·2015-05-04·CVSS 4.3
CVE-2015-3622 [MEDIUM] CVE-2015-3622 mingw-libtasn1: libtasn1: heap overflow flaw in _asn1_extract_der_octet() [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
NOTE: this issue affects multiple
Bugzilla
CVE-2015-3622 libtasn1: heap overflow flaw in _asn1_extract_der_octet() [fedora-all]
bugzilla·2015-05-04·CVSS 4.3
CVE-2015-3622 [MEDIUM] CVE-2015-3622 libtasn1: heap overflow flaw in _asn1_extract_der_octet() [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
NOTE: this issue affects multiple supported versi
arXiv
Vital: Vulnerability-Oriented Symbolic Execution via Type-Unsafe Pointer-Guided Monte Carlo Tree Search
arxiv_fulltext·2025-12-12
Haoxin Tu
Partial work was done when Haoxin was visiting the MPI Software Security Group led by Prof. Marcel Böhme.
Singapore Management University
Singapore
Lingxiao Jiang
Singapore Management University
Singapore
Marcel Böhme
Max Planck Institute for Security and Privacy
Germany
## Abstract
How do we find new memory safety bugs effectively when navigating a symbolic execution tree that suffers from the well-known path explosion challenge?
Existing solutions either adopt path search heuristics to maximize coverage rate or chopped symbolic execution to skip uninteresting code
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158225.html
http://lists.opensuse.org/opensuse-updates/2015-08/msg00014.html
http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html
http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html
http://packetstormsecurity.com/files/131711/libtasn1-Heap-Overflow.html
http://seclists.org/fulldisclosure/2015/Apr/109
http://www.debian.org/security/2015/dsa-3256
http://www.mandriva.com/security/advisories?name=MDVSA-2015:232
http://www.securityfocus.com/bid/74419
http://www.securitytracker.com/id/1032246
http://www.ubuntu.com/usn/USN-2604-1
https://access.redhat.com/errata/RHSA-2017:1860
https://lists.gnu.org/archive/html/help-libtasn1/2015-04/msg00000.html
https://security.gentoo.org/glsa/201509-04
2015-05-12
Published