Home > Vulnerability Database > CVE-2012-1569

Mend.io Vulnerability Database

CVE-2012-1569

Good to know:

Date: March 26, 2012

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.

Language: C

Severity Score

5.3

Related Resources (37)

Url: http://rhn.redhat.com/errata/RHSA-2012-0427.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html

Url: http://www.securitytracker.com/id?1026829

Url: http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53

Url: http://www.debian.org/security/2012/dsa-2440

Url: http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54

Url: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=804920

Url: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html

Url: http://rhn.redhat.com/errata/RHSA-2012-0488.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2012:039

Url: http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html

Url: http://secunia.com/advisories/49002

Url: http://secunia.com/advisories/48397

Url: http://secunia.com/advisories/48596

Url: http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/

Url: http://secunia.com/advisories/57260

Url: http://secunia.com/advisories/48578

Url: http://www.gnu.org/software/gnutls/security.html

Url: https://access.redhat.com/security/cve/CVE-2012-1569

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-1569

Url: http://rhn.redhat.com/errata/RHSA-2012-0531.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2012-1569

Url: http://www.ubuntu.com/usn/USN-1436-1

Url: http://secunia.com/advisories/48505

Url: http://www.openwall.com/lists/oss-security/2012/03/21/5

Url: http://secunia.com/advisories/50739

Url: http://www.openwall.com/lists/oss-security/2012/03/20/8

Url: http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html

Url: http://linux.oracle.com/errata/ELSA-2014-0596.html

Url: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932

Url: http://www.openwall.com/lists/oss-security/2012/03/20/3

Url: http://secunia.com/advisories/48488

Url: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html

Url: https://www.mend.io/vulnerability-database/CVE-2012-1569

Severity Score

5.3

Weakness Type (CWE)

Numeric Errors

CWE-189

Top Fix

Upgrade Version

Upgrade to version Libtasn1 - 2.12;GnuTLS - 3.0.16

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-1569

Good to know:

Date: March 26, 2012

Language: C

Severity Score

Related Resources (37)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?