CVE-2012-1569

Currently unrated

Key Information:

Vendor: Gnu
Status: Gnutls; Libtasn1
Vendor: CVE Published:; 26 March 2012

Summary

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.

References

http://secunia.com/advisories/57260

third-party-advisoryx_refsource_SECUNIA

http://rhn.redhat.com/errata/RHSA-2012-0427.html

vendor-advisoryx_refsource_REDHAT

http://secunia.com/advisories/48578

third-party-advisoryx_refsource_SECUNIA

EPSS Score

89% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 26, 2012
Vulnerability Reserved
Mar 12, 2012