Skip to main content

Libtasn1

12 CVEs product

Monthly

CVE-2025-13151 HIGH PATCH This Week

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string. [CVSS 7.5 HIGH]

Buffer Overflow Stack Overflow Libtasn1 Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2018-1000654 MEDIUM POC This Month

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libtasn1
NVD
CVSS 3.0
5.5
EPSS
2.0%
CVE-2018-6003 HIGH PATCH This Week

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libtasn1 Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2017-10790 HIGH POC This Week

The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libtasn1
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-6891 HIGH PATCH This Week

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libtasn1 Debian Linux Bookkeeper
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2016-4008 MEDIUM This Month

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Ubuntu Linux Opensuse Libtasn1 Fedora
NVD
CVSS 3.0
5.9
EPSS
5.0%
CVE-2015-3622 MEDIUM POC This Month

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Opensuse Fedora Libtasn1
NVD
CVSS 2.0
4.3
EPSS
6.1%
CVE-2015-2806 CRITICAL Act Now

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Ubuntu Linux Debian Linux Fedora Libtasn1
NVD
CVSS 2.0
10.0
EPSS
9.3%
CVE-2014-3469 MEDIUM PATCH This Month

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Null Pointer Dereference Gnutls Libtasn1 Virtualization +11
NVD
CVSS 2.0
5.0
EPSS
8.7%
CVE-2014-3468 HIGH PATCH Act Now

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.7%.

Buffer Overflow Gnutls Libtasn1 Virtualization Debian Linux +11
NVD
CVSS 2.0
7.5
EPSS
10.7%
CVE-2014-3467 MEDIUM PATCH This Month

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Gnutls Libtasn1 Virtualization +12
NVD
CVSS 2.0
5.0
EPSS
6.8%
CVE-2012-1569 MEDIUM POC PATCH THREAT This Month

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

Buffer Overflow Denial Of Service Gnutls Libtasn1
NVD
CVSS 2.0
5.0
EPSS
10.2%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string. [CVSS 7.5 HIGH]

Buffer Overflow Stack Overflow Libtasn1 +2
NVD VulDB
EPSS 2% CVSS 5.5
MEDIUM POC This Month

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libtasn1
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libtasn1 Debian Linux +1
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libtasn1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libtasn1 +2
NVD
EPSS 5% CVSS 5.9
MEDIUM This Month

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Ubuntu Linux Opensuse +2
NVD
EPSS 6% CVSS 4.3
MEDIUM POC This Month

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Opensuse +2
NVD
EPSS 9% CVSS 10.0
CRITICAL Act Now

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Ubuntu Linux Debian Linux +2
NVD
EPSS 9% CVSS 5.0
MEDIUM PATCH This Month

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Null Pointer Dereference Gnutls +13
NVD
EPSS 11% CVSS 7.5
HIGH PATCH Act Now

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.7%.

Buffer Overflow Gnutls Libtasn1 +13
NVD
EPSS 7% CVSS 5.0
MEDIUM PATCH This Month

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Gnutls +14
NVD
EPSS 10% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

Buffer Overflow Denial Of Service Gnutls +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy