Vulnerabilities > GNU > Libtasn1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-24 | CVE-2021-46848 | Off-by-one Error vulnerability in multiple products GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. | 9.1 |
| 2018-08-20 | CVE-2018-1000654 | Unspecified vulnerability in GNU Libtasn1 4.12/4.13 GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. | 5.5 |
| 2018-01-22 | CVE-2018-6003 | Uncontrolled Recursion vulnerability in multiple products An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. | 7.5 |
| 2017-07-02 | CVE-2017-10790 | NULL Pointer Dereference vulnerability in GNU Libtasn1 The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. | 7.5 |
| 2017-05-22 | CVE-2017-6891 | Out-of-bounds Write vulnerability in multiple products Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. | 8.8 |
| 2016-05-05 | CVE-2016-4008 | Resource Management Errors vulnerability in multiple products The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. | 5.9 |