CVE-2012-1569

GnuTLS < 3.0.16 - Denial of Service via ASN.1 Length Handling


Description

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.

References (33)

Core References
Various Sources x_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-0596.html
Various Sources mailing-list x_refsource_mlist
http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53
Various Sources mailing-list x_refsource_mlist
http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57260
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0427.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48578
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0531.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49002
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/20/8
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/21/5
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48488
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1436-1
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html
Vendor Advisory x_refsource_confirm
http://www.gnu.org/software/gnutls/security.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=804920
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0488.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026829
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48596
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50739
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48397
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48505
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/20/3
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2440
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:039
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html

Scores

EPSS 0.1017
EPSS Percentile 93.2%

Details

CWE
CWE-189
Status published
Products (50)
gnu/gnutls 1.0.16
gnu/gnutls 1.0.17
gnu/gnutls 1.0.18
gnu/gnutls 1.0.19
gnu/gnutls 1.0.20
gnu/gnutls 1.0.21
gnu/gnutls 1.0.22
gnu/gnutls 1.0.23
gnu/gnutls 1.0.24
gnu/gnutls 1.0.25
... and 40 more
Published Mar 26, 2012
Tracked Since Feb 18, 2026