FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-1569

This CVE name corresponds to:

Entered     Topic
2012-03-21  libtasn1 -- ASN.1 length decoding vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2012-1569
Phase  Assigned (20120312)

Description

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.

References

Source   Reference
BUGTRAQ  20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1
MLIST    [gnutls-devel] 20120316 gnutls 3.0.16
MLIST    [help-libtasn1] 20120319 GNU Libtasn1 2.12 released
MLIST    [help-libtasn1] 20120319 minimal fix to security issue
MLIST    [oss-security] 20120320 CVE request: libtasn1 "asn1_get_length_der()" DER decoding issue
MLIST    [oss-security] 20120320 Re: CVE request: libtasn1 "asn1_get_length_der()" DER decoding issue
MLIST    [oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01
MISC     http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/
CONFIRM  http://www.gnu.org/software/gnutls/security.html
CONFIRM  https://bugzilla.redhat.com/show_bug.cgi?id=804920
CONFIRM  http://linux.oracle.com/errata/ELSA-2014-0596.html
FEDORA   FEDORA-2012-4409
FEDORA   FEDORA-2012-4451
REDHAT   RHSA-2012:0488
REDHAT   RHSA-2012:0531
SUSE     SUSE-SU-2014:0320
SECUNIA  48596
SECUNIA  48488
SECUNIA  48397
SECUNIA  50739
SECUNIA  57260