CVE-2015-3622

Description

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

Risk Information

Base Score: 5.9 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 6.062

Associated Vulnerability

Vulnerability | OS Platform
Library to manage ASN.1 structures (USN-2604-1) libtasn1-6_4.2-2ubuntu1.1_i386.deb | Linux
Library to manage ASN.1 structures (USN-2604-1) libtasn1-6_4.2-2ubuntu1.1_amd64.deb | Linux
libtasn1-6 security update (DSA-3568-1) libtasn1-6_4.2-3+deb8u2_i386.deb | Linux
libtasn1-6 security update (DSA-3568-1) libtasn1-6_4.2-3+deb8u2_amd64.deb | Linux
(RHSA-2017:1860) Moderate: libtasn1 security, bug fix, and enhancement update libtasn1-4.10-1.el7.i686.rpm | Linux
(RHSA-2017:1860) Moderate: libtasn1 security, bug fix, and enhancement update libtasn1-4.10-1.el7.x86_64.rpm | Linux
(RHSA-2017:1860) Moderate: libtasn1 security, bug fix, and enhancement update libtasn1-devel-4.10-1.el7.i686.rpm | Linux
(RHSA-2017:1860) Moderate: libtasn1 security, bug fix, and enhancement update libtasn1-devel-4.10-1.el7.x86_64.rpm | Linux
(RHSA-2017:1860) Moderate: libtasn1 security, bug fix, and enhancement update libtasn1-tools-4.10-1.el7.x86_64.rpm | Linux
SUSE-SU-2016:1600-1 (SUSE Linux Enterprise Server 11-SP4) libtasn1-1.5-1.34.1.x86_64.rpm | Linux
SUSE-SU-2016:1600-1 (SUSE Linux Enterprise Server 11-SP4) libtasn1-3-1.5-1.34.1.x86_64.rpm | Linux
SUSE-SU-2016:1600-1 (SUSE Linux Enterprise Server 11-SP4) libtasn1-3-32bit-1.5-1.34.1.x86_64.rpm | Linux
SUSE-SU-2016:1601-1 (SUSE Linux Enterprise Desktop 12-SP1) libtasn1-3.7-11.1.x86_64.rpm | Linux
SUSE-SU-2016:1601-1 (SUSE Linux Enterprise Desktop 12-SP1) libtasn1-6-3.7-11.1.x86_64.rpm | Linux
SUSE-SU-2016:1601-1 (SUSE Linux Enterprise Desktop 12-SP1) libtasn1-6-32bit-3.7-11.1.x86_64.rpm | Linux
SUSE-SU-2016:1601-1 (SUSE Linux Enterprise Desktop 12-SP1) libtasn1-6-debuginfo-3.7-11.1.x86_64.rpm | Linux
SUSE-SU-2016:1601-1 (SUSE Linux Enterprise Desktop 12-SP1) libtasn1-6-debuginfo-32bit-3.7-11.1.x86_64.rpm | Linux
SUSE-SU-2016:1601-1 (SUSE Linux Enterprise Desktop 12-SP1) libtasn1-debuginfo-3.7-11.1.x86_64.rpm | Linux
SUSE-SU-2016:1601-1 (SUSE Linux Enterprise Desktop 12-SP1) libtasn1-debugsource-3.7-11.1.x86_64.rpm | Linux
SUSE-SU-2015:1518-1 (SUSE Linux Enterprise Desktop 12) gnutls-3.2.15-11.1.x86_64.rpm | Linux
SUSE-SU-2015:1518-1 (SUSE Linux Enterprise Desktop 12) gnutls-debuginfo-3.2.15-11.1.x86_64.rpm | Linux
SUSE-SU-2015:1518-1 (SUSE Linux Enterprise Desktop 12) gnutls-debugsource-3.2.15-11.1.x86_64.rpm | Linux
SUSE-SU-2015:1518-1 (SUSE Linux Enterprise Server 12) libgnutls-openssl27-3.2.15-11.1.x86_64.rpm | Linux
SUSE-SU-2015:1518-1 (SUSE Linux Enterprise Server 12) libgnutls-openssl27-debuginfo-3.2.15-11.1.x86_64.rpm | Linux
SUSE-SU-2015:1518-1 (SUSE Linux Enterprise Desktop 12) libgnutls28-3.2.15-11.1.x86_64.rpm | Linux
SUSE-SU-2015:1518-1 (SUSE Linux Enterprise Desktop 12) libgnutls28-32bit-3.2.15-11.1.x86_64.rpm | Linux
SUSE-SU-2015:1518-1 (SUSE Linux Enterprise Desktop 12) libgnutls28-debuginfo-3.2.15-11.1.x86_64.rpm | Linux
SUSE-SU-2015:1518-1 (SUSE Linux Enterprise Desktop 12) libgnutls28-debuginfo-32bit-3.2.15-11.1.x86_64.rpm | Linux
(CESA-2017:1860) Moderate: libtasn1 security, bug fix, and enhancement update libtasn1-tools-4.10-1.el7.x86_64.rpm | Linux
(RHSA-2017:1860) Moderate: security, bug fix, and enhancement update libtasn1-debuginfo-4.10-1.el7.i686.rpm | Linux
(RHSA-2017:1860) Moderate: security, bug fix, and enhancement update libtasn1-debuginfo-4.10-1.el7.x86_64.rpm | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234