CVE-2012-1569 in GnuTLSinfo

Summary

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

03/12/2012

Disclosure

03/26/2012

Status

Confirmed

Entries

CPE

ready

CWE

CWE-189

CVSS

10.0

EPSS

0.10166

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-1569
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-1569
CVE Details	https://www.cvedetails.com/cve/CVE-2012-1569/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!