Vulnerabilities (CVE)

Filtered by vendor Gnu Subscribe

Filtered by product Libtasn1

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-1000654	1 Gnu	1 Libtasn1	2021-02-25	7.1 HIGH	5.5 MEDIUM
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.
CVE-2016-4008	4 Canonical, Fedoraproject, Gnu and 1 more	4 Ubuntu Linux, Fedora, Libtasn1 and 1 more	2018-10-30	4.3 MEDIUM	5.9 MEDIUM
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.