CVE-2015-3622

CWE-119 — Buffer Overflow CWE-122 — Heap-based Buffer Overflow11 documents8 sources

Severity

4.3MEDIUM

EPSS

6.1%

top 9.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Libtasn1 Fedoraproject Fedora Opensuse Opensuse

Timeline

PublishedMay 12

Latest updateMay 14

Description

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶Debianlibtasn1-6< 4.4-3+3

▶NVDgnu/libtasn14.4

▶NVDopensuse/opensuse13.2

Also affects: Fedora 21

🔴Vulnerability Details

GHSA

GHSA-359p-x9w8-8g33: The _asn1_extract_der_octet function in lib/decoding↗2022-05-14

▶

OSV

CVE-2015-3622: The _asn1_extract_der_octet function in lib/decoding↗2015-05-12

▶

CVEList

CVE-2015-3622: The _asn1_extract_der_octet function in lib/decoding↗2015-05-12

▶

📋Vendor Advisories

Ubuntu

Libtasn1 vulnerability↗2015-05-11

▶

Red Hat

libtasn1: heap overflow flaw in _asn1_extract_der_octet()↗2015-04-30

▶

Debian

CVE-2015-3622: libtasn1-6 - The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4....↗2015

▶

💬Community

Bugzilla

CVE-2015-3622 libtasn1: heap overflow flaw in _asn1_extract_der_octet()↗2015-05-04

▶

Bugzilla

CVE-2015-3622 mingw-libtasn1: libtasn1: heap overflow flaw in _asn1_extract_der_octet() [epel-7]↗2015-05-04

▶

Bugzilla

CVE-2015-3622 mingw-libtasn1: libtasn1: heap overflow flaw in _asn1_extract_der_octet() [fedora-all]↗2015-05-04

▶

Bugzilla

CVE-2015-3622 libtasn1: heap overflow flaw in _asn1_extract_der_octet() [fedora-all]↗2015-05-04

▶