PT-2015-6243 · Gnu+5 · Gnu Libtasn1+5

Hanno Böck · Published 2015-05-01 · Updated 2024-06-15 · CVE-2015-3622

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

GNU Libtasn1 versions prior to 4.5

Description

The issue allows remote attackers to cause a denial of service, specifically an out-of-bounds heap read, by providing a crafted certificate. It is related to the _asn1_extract_der_octet function in lib/decoding.c.

Recommendations

For GNU Libtasn1 versions prior to 4.5, update to version 4.5 or later to resolve the issue. As a temporary workaround, consider restricting the processing of crafted certificates to minimize the risk of exploitation.

Exploit

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2015-1469
CESA-2017_1860
CVE-2015-3622
DSA-3256-1
MGASA-2015-0200
OPENSUSE-SU-2024:10414-1
RHSA-2017:1860
RHSA-2017_1860
SUSE-SU-2015:1518-1
SUSE-SU-2015_1518-1
SUSE-SU-2016:1600-1
SUSE-SU-2016:1601-1
SUSE-SU-2016_1600-1
SUSE-SU-2016_1601-1
SUSE-SU-2017:2699-1
SUSE-SU-2017:2700-1
USN-2604-1

Affected Products

ALT Linux
CentOS
GNU Libtasn1
Red Hat
SUSE
Ubuntu