Heap Memory Corruption in GNU Libtasn1 Used by GnuTLS and Other Products
CVE-2012-1569

Currently unrated

Key Information:

Vendor
Gnu
Status
Gnutls
Libtasn1
Vendor
CVE Published:
26 March 2012

Summary

A flaw in the asn1_get_length_der function within GNU Libtasn1 prior to version 2.12, utilized by GnuTLS before version 3.0.16, severely compromises the system by inadequately processing large length values. This vulnerability can be exploited by remote attackers to induce a denial of service, ultimately resulting in heap memory corruption and potentially crashing the application through specially crafted ASN.1 structures.

References

http://secunia.com/advisories/57260
third-party-advisoryx_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2012-0427.html
vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/48578
third-party-advisoryx_refsource_SECUNIA

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.