CVE-2012-1569
Description
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
10.166
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Library to manage ASN.1 structures (USN-2604-1) libtasn1-3_2.10-1ubuntu1.4_i386.deb | Linux |
| Library to manage ASN.1 structures (USN-2604-1) libtasn1-3_2.10-1ubuntu1.4_amd64.deb | Linux |
| Libtasn1 update (ELSA-2014-0596) libtasn1-2.3-6.el6_5.x86_64.rpm | Linux |
| Libtasn1-devel update (ELSA-2014-0596) libtasn1-devel-2.3-6.el6_5.x86_64.rpm | Linux |
| Libtasn1-tools update (ELSA-2014-0596) libtasn1-tools-2.3-6.el6_5.x86_64.rpm | Linux |
| Libtasn1 update (ELSA-2014-0596) libtasn1-2.3-6.el6_5.i686.rpm | Linux |
| Libtasn1-devel update (ELSA-2014-0596) libtasn1-devel-2.3-6.el6_5.i686.rpm | Linux |
| Libtasn1-tools update (ELSA-2014-0596) libtasn1-tools-2.3-6.el6_5.i686.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234