CVE-2025-13151
Published 2026-01-07
Priority P3 · 46 · high · 7.5 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.11% (61.8th percentile)
Stack-based buffer overflow in libtasn1 version v4.20.0. The function fails to validate the size of input data, resulting in a buffer overflow in asn1_expend_octet_string.
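What "fails to validate the size of input data" looks like in practice, as an added illustration that is not libtasn1's code and does not reproduce the actual CVE-2025-13151 defect: a hypothetical routine that flattens a BER constructed OCTET STRING (tag 0x24 wrapping primitive 0x04 segments) into a fixed-size stack buffer, first trusting the encoded segment lengths (the CWE-120/787 pattern the advisories above name), then with the two bounds checks that make the copy safe. The function names, the 16-byte capacity and the BER input bytes are all made up for this example.

```c
/* Added example, hypothetical code: shape of a length-unchecked octet
 * string flatten (bug class of the advisory) beside a bounded version. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OUT_CAP 16   /* deliberately small so a modest input exceeds it */

/* Decode one BER/DER length field (short form, or long form up to
 * sizeof(size_t) bytes). Returns bytes consumed, 0 if malformed/truncated. */
static size_t ber_read_length(const uint8_t *p, size_t avail, size_t *len_out)
{
    if (avail < 1) return 0;
    if (p[0] < 0x80) { *len_out = p[0]; return 1; }
    size_t n = p[0] & 0x7f, len = 0;
    if (n == 0 || n > sizeof(size_t) || avail < 1 + n) return 0;
    for (size_t i = 0; i < n; i++) len = (len << 8) | p[1 + i];
    *len_out = len;
    return 1 + n;
}

/* Unchecked (not libtasn1's code): copies each primitive segment into 'out'
 * using the attacker-supplied length, never comparing it with the capacity
 * of 'out'. A caller passing a 16-byte stack array overflows its frame. */
static size_t flatten_unchecked(const uint8_t *in, size_t in_len, uint8_t *out)
{
    size_t pos, written = 0, len, n;
    if (in_len < 2 || in[0] != 0x24) return 0;
    if ((n = ber_read_length(in + 1, in_len - 1, &len)) == 0) return 0;
    pos = 1 + n;
    while (pos < in_len) {
        if (in[pos] != 0x04) break;
        if ((n = ber_read_length(in + pos + 1, in_len - pos - 1, &len)) == 0) break;
        pos += 1 + n;
        memcpy(out + written, in + pos, len);   /* no bound on 'len' */
        written += len;
        pos += len;
    }
    return written;
}

/* Hardened form: every encoded length is checked against the bytes left in
 * the input (no over-read) and the space left in 'out' (no overflow) before
 * any copy. Returns 0 and sets *written on success, -1 on rejection. */
static int flatten_checked(const uint8_t *in, size_t in_len,
                           uint8_t *out, size_t out_cap, size_t *written)
{
    size_t pos, w = 0, len, n;
    *written = 0;
    if (in_len < 2 || in[0] != 0x24) return -1;
    if ((n = ber_read_length(in + 1, in_len - 1, &len)) == 0) return -1;
    if (len != in_len - 1 - n) return -1;      /* outer length must match */
    pos = 1 + n;
    while (pos < in_len) {
        if (in[pos] != 0x04) return -1;
        if ((n = ber_read_length(in + pos + 1, in_len - pos - 1, &len)) == 0) return -1;
        pos += 1 + n;
        if (len > in_len - pos) return -1;     /* segment overruns the input */
        if (len > out_cap - w) return -1;      /* segment overruns the output */
        memcpy(out + w, in + pos, len);
        w += len;
        pos += len;
    }
    *written = w;
    return 0;
}

/* Constructed sample (made up for this example): 0x24 wrapping two 17-byte
 * primitive OCTET STRINGs, 34 payload bytes in total, more than OUT_CAP. */
static size_t build_sample(uint8_t *buf, size_t cap)
{
    size_t i = 0;
    if (cap < 40) return 0;
    buf[i++] = 0x24; buf[i++] = 0x26;                                  /* 38 content bytes */
    buf[i++] = 0x04; buf[i++] = 0x11; memset(buf + i, 'A', 17); i += 17;
    buf[i++] = 0x04; buf[i++] = 0x11; memset(buf + i, 'B', 17); i += 17;
    return i;                                                          /* 40 */
}

/* Unchecked path into an oversized backing buffer, so the overrun can be
 * measured without corrupting this frame. Returns bytes written. */
static size_t run_unchecked(void)
{
    uint8_t s[64], backing[64]; size_t n = build_sample(s, sizeof s);
    return flatten_unchecked(s, n, backing);
}

/* Checked path on arbitrary input with the given capacity (max 64):
 * returns bytes written, or -1 when the input is rejected. */
static long run_checked_on(const uint8_t *in, size_t in_len, size_t cap)
{
    uint8_t out[64]; size_t w;
    if (cap > sizeof out) cap = sizeof out;
    return flatten_checked(in, in_len, out, cap, &w) == 0 ? (long)w : -1;
}

static long run_checked(size_t cap)
{
    uint8_t s[64]; size_t n = build_sample(s, sizeof s);
    return run_checked_on(s, n, cap);
}

int main(void)
{
    size_t wrote = run_unchecked();
    printf("unchecked: wrote %zu bytes where callers provide %d (overrun %zu)\n",
           wrote, OUT_CAP, wrote > OUT_CAP ? wrote - OUT_CAP : 0);
    printf("checked, cap %d: %ld\n", OUT_CAP, run_checked(OUT_CAP));
    printf("checked, cap 64: %ld\n", run_checked(64));
    return 0;
}
```

The two checks in `flatten_checked` are the whole fix for this bug class: the first stops an over-read when an encoded length exceeds the bytes that actually follow it, the second stops the write when the accumulated payload exceeds the destination. To see the unchecked path fault for real, build with `-fsanitize=address` and pass `flatten_unchecked` a genuine 16-byte stack array instead of the oversized backing buffer used here.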
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libtasn1-6 | < libtasn1-6 4.21.0-2 (forky) | libtasn1-6 4.21.0-2 (forky) |
| gnu | libtasn1 | — | — |
| gnutls | libtasn1 | <= 4.20.0 | — |
CVSS provenance
| Source | CVSS | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | 9.1 | CRITICAL | — |
| vendor_ubuntu | 9.1 | CRITICAL | — |
| vendor_debian | 7.5 | HIGH | — |
| vendor_redhat | 7.5 | HIGH | — |

Note the split: the NVD vector scores availability impact only (C:N/I:N/A:H), which matches every vendor text on this page describing the outcome as a crash / denial of service, while the 9.1 from OSV and Ubuntu comes with no vector here and Red Hat rates the flaw Low for its own products. Nothing on this page supports more than a crash.
OSV
libtasn1-6 vulnerabilities
osv·2026-02-10·CVSS 9.1
CVE-2021-46848 [CRITICAL] libtasn1-6 vulnerabilities
libtasn1-6 vulnerabilities
USN-7954-1 fixed vulnerabilities in Libtasn1. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2021-46848 only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that Libtasn1 incorrectly handled decoding ASN.1 content. An attacker could possibly use this issue to cause Libtasn1 to crash, resulting in a denial of service. (CVE-2025-13151)
It was discovered that Libtasn1 incorrectly handled encoding ASN.1 content. An attacker could possibly use this issue to cause Libtasn1 to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-46848)
OSV
libtasn1-6 vulnerabilities
osv·2026-01-12·CVSS 9.1
CVE-2025-13151 [CRITICAL] libtasn1-6 vulnerabilities
libtasn1-6 vulnerabilities
It was discovered that Libtasn1 incorrectly handled decoding ASN.1 content. An attacker could possibly use this issue to cause Libtasn1 to crash, resulting in a denial of service. (CVE-2025-13151)
It was discovered that Libtasn1 incorrectly handled encoding ASN.1 content. An attacker could possibly use this issue to cause Libtasn1 to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-46848)
GHSA
GHSA-f433-vfwr-65r3: Stack-based buffer overflow in libtasn1 version: v4
ghsa_unreviewed·2026-01-08
CVE-2025-13151 [HIGH] CWE-787 GHSA-f433-vfwr-65r3: Stack-based buffer overflow in libtasn1 version: v4
Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.
OSV
CVE-2025-13151: Stack-based buffer overflow in libtasn1 version: v4
osv·2026-01-07·CVSS 7.5
CVE-2025-13151 [HIGH] CVE-2025-13151: Stack-based buffer overflow in libtasn1 version: v4
Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.
Ubuntu
Libtasn1 vulnerabilities
vendor_ubuntu·2026-02-10·CVSS 9.1
CVE-2021-46848 [CRITICAL] Libtasn1 vulnerabilities
Title: Libtasn1 vulnerabilities
Summary: Several security issues were fixed in Libtasn1.
USN-7954-1 fixed vulnerabilities in Libtasn1. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2021-46848 only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that Libtasn1 incorrectly handled decoding ASN.1 content. An attacker could possibly use this issue to cause Libtasn1 to crash, resulting in a denial of service. (CVE-2025-13151)
It was discovered that Libtasn1 incorrectly handled encoding ASN.1 content. An attacker could possibly use this issue to cause Libtasn1 to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS.
Ubuntu
Libtasn1 vulnerabilities
vendor_ubuntu·2026-01-12·CVSS 9.1
CVE-2025-13151 [CRITICAL] Libtasn1 vulnerabilities
Title: Libtasn1 vulnerabilities
Summary: Libtasn1 could be made to crash if it received specially crafted input.
It was discovered that Libtasn1 incorrectly handled decoding ASN.1 content. An attacker could possibly use this issue to cause Libtasn1 to crash, resulting in a denial of service. (CVE-2025-13151)
It was discovered that Libtasn1 incorrectly handled encoding ASN.1 content. An attacker could possibly use this issue to cause Libtasn1 to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-46848)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string
vendor_redhat·2026-01-07·CVSS 7.5
CVE-2025-13151 [HIGH] CWE-120 libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string
libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string
Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.
A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.
Statement: This vulnerability is rated Low for Red Hat products. A stack-based buffer overflow in the `libtasn1` library, specifically within the `asn1_expend_octet_string` function,
Debian
CVE-2025-13151: libtasn1-6 - Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to ...
vendor_debian·2025·CVSS 7.5
CVE-2025-13151 [HIGH] CVE-2025-13151: libtasn1-6 - Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to ...
Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 4.21.0-2)
sid: resolved (fixed in 4.21.0-2)
trixie: open
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-13151 libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string [fedora-42]
bugzilla·2026-01-08·CVSS 7.5
CVE-2025-13151 [HIGH] CVE-2025-13151 libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string [fedora-42]
CVE-2025-13151 libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-13151 libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string
bugzilla·2026-01-07·CVSS 7.5
CVE-2025-13151 [HIGH] CVE-2025-13151 libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string
CVE-2025-13151 libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string
Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.
Wiz
CVE-2025-14831 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-14831 [HIGH] CVE-2025-14831 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14831: GnuTLS vulnerability analysis and mitigation
A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).
Source : NVD
Score 5.3 (CNA score 5.3) · Severity MEDIUM · Published February 9, 2026
Affected Technologies
GnuTLS
Alma Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
libgnutls30-32bit
gnutls-guile
Sources
NVD
AlmaLinux 8 Severity MEDIUM Has Fix Added at: Mar 29, 2026
Wiz
CVE-2025-9820 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.0
CVE-2025-9820 [MEDIUM] CVE-2025-9820 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-9820: GnuTLS vulnerability analysis and mitigation
A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.
Source : NVD
Score 4.0 (CNA score 4.0) · Severity MEDIUM · Published January 26, 2026
Affected Technologies
GnuTLS
Alma Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA
Wiz
CVE-2026-1584 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-1584 [HIGH] CVE-2026-1584 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1584: GnuTLS vulnerability analysis and mitigation
A TLS 1.3 resumption attempt with an invalid PSK binder value in ClientHello could lead to a denial of service attack via crashing the server.
Source : NVD
Published February 10, 2026
CNA Score N/A
Affected Technologies
GnuTLS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gnutls-c++-debuginfo
gnutls-dane-debuginfo
Sources
NVD
Alpine 3.20, 3.21, 3.22, 3.23 Has Fix Added at: Feb 24, 2026
Alpine edge Has Fix Added at: Feb 11, 2026
Debian 14 Has Fix Added at: Feb 10, 2026
Debian Has Fix Added at: Feb 11, 2026
Wiz
CVE-2025-13151 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-13151 [HIGH] CVE-2025-13151 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-13151: NixOS vulnerability analysis and mitigation
Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.
Source : NVD
Score 7.5 (CNA score 7.5) · Severity HIGH · Published January 7, 2026
Affected Technologies
NixOS
GnuTLS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
libtasn1-debugsource
mingw-libtasn1
Sources
NVD
Alpine 3.18, 3.19 Severity HIGH Has Fix Added at: Feb 04, 2026
Alpine 3.20, 3.21, 3.22, 3.23 Severity HIGH Has Fix Added at: Jan 13, 2026
Alpine edge Severity HIGH