National Vulnerability Database (NVD) National Vulnerability Database (CVE-2012-1569)

National Cyber Awareness System

Vulnerability Summary for CVE-2012-1569

Original release date:03/26/2012

Last revised:05/04/2013

Source: US-CERT/NIST

Overview

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Allows disruption of serviceUnknown

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: MLIST

Name: [gnutls-devel] 20120316 gnutls 3.0.16

Type: Patch Information

Hyperlink:http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=804920

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=804920

External Source: MLIST

Name: [oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01

Hyperlink:http://www.openwall.com/lists/oss-security/2012/03/21/5

External Source: MLIST

Name: [oss-security] 20120320 Re: CVE request: libtasn1

Hyperlink:http://www.openwall.com/lists/oss-security/2012/03/20/8

External Source: MLIST

Name: [oss-security] 20120320 CVE request: libtasn1

Hyperlink:http://www.openwall.com/lists/oss-security/2012/03/20/3

External Source: CONFIRM

Name: http://www.gnu.org/software/gnutls/security.html

Type: Advisory

Hyperlink:http://www.gnu.org/software/gnutls/security.html

External Source: SECUNIA

Name: 50739

Hyperlink:http://secunia.com/advisories/50739

External Source: SECUNIA

Name: 48596

Hyperlink:http://secunia.com/advisories/48596

External Source: SECUNIA

Name: 48488

Hyperlink:http://secunia.com/advisories/48488

External Source: SECUNIA

Name: 48397

Hyperlink:http://secunia.com/advisories/48397

External Source: REDHAT

Name: RHSA-2012:0531

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-0531.html

External Source: REDHAT

Name: RHSA-2012:0488

Hyperlink:http://rhn.redhat.com/errata/RHSA-2012-0488.html

External Source: FEDORA

Name: FEDORA-2012-4409

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html

External Source: FEDORA

Name: FEDORA-2012-4451

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html

External Source: MISC

Name: http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/

Hyperlink:http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/

External Source: MLIST

Name: [help-libtasn1] 20120319 minimal fix to security issue

Hyperlink:http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54

External Source: MLIST

Name: [help-libtasn1] 20120319 GNU Libtasn1 2.12 released

Hyperlink:http://article.gmane.org/gmane.comp.gnu.libtasn1.general/53

External Source: BUGTRAQ

Name: 20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1

Hyperlink:http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html

Vulnerable software and versions

Configuration 1

* cpe:/a:gnu:libtasn1:2.10

* cpe:/a:gnu:libtasn1:2.9

* cpe:/a:gnu:libtasn1:2.8

* cpe:/a:gnu:libtasn1:2.7

* cpe:/a:gnu:libtasn1:2.6

* cpe:/a:gnu:libtasn1:2.5

* cpe:/a:gnu:libtasn1:2.4

* cpe:/a:gnu:libtasn1:2.3

* cpe:/a:gnu:libtasn1:2.2

* cpe:/a:gnu:libtasn1:2.1

* cpe:/a:gnu:libtasn1:2.0

* cpe:/a:gnu:libtasn1:1.8

* cpe:/a:gnu:libtasn1:1.7

* cpe:/a:gnu:libtasn1:1.6

* cpe:/a:gnu:libtasn1:1.5

* cpe:/a:gnu:libtasn1:1.4

* cpe:/a:gnu:libtasn1:1.3

* cpe:/a:gnu:libtasn1:1.2

* cpe:/a:gnu:libtasn1:1.1

* cpe:/a:gnu:libtasn1:1.0

* cpe:/a:gnu:libtasn1:0.3.10

* cpe:/a:gnu:libtasn1:0.3.9

* cpe:/a:gnu:libtasn1:0.3.8

* cpe:/a:gnu:libtasn1:0.3.7

* cpe:/a:gnu:libtasn1:0.3.6

* cpe:/a:gnu:libtasn1:0.3.5

* cpe:/a:gnu:libtasn1:0.3.4

* cpe:/a:gnu:libtasn1:0.3.3

* cpe:/a:gnu:libtasn1:0.3.2

* cpe:/a:gnu:libtasn1:0.3.1

* cpe:/a:gnu:libtasn1:0.3.0

* cpe:/a:gnu:libtasn1:0.2.18

* cpe:/a:gnu:libtasn1:0.2.17

* cpe:/a:gnu:libtasn1:0.2.16

* cpe:/a:gnu:libtasn1:0.2.15

* cpe:/a:gnu:libtasn1:0.2.14

* cpe:/a:gnu:libtasn1:0.2.13

* cpe:/a:gnu:libtasn1:0.2.12

* cpe:/a:gnu:libtasn1:0.2.11

* cpe:/a:gnu:libtasn1:0.2.10

* cpe:/a:gnu:libtasn1:0.2.9

* cpe:/a:gnu:libtasn1:0.2.8

* cpe:/a:gnu:libtasn1:0.2.7

* cpe:/a:gnu:libtasn1:0.2.6

* cpe:/a:gnu:libtasn1:0.2.5

* cpe:/a:gnu:libtasn1:0.2.4

* cpe:/a:gnu:libtasn1:0.2.3

* cpe:/a:gnu:libtasn1:0.2.2

* cpe:/a:gnu:libtasn1:0.2.1

* cpe:/a:gnu:libtasn1:0.2.0

* cpe:/a:gnu:libtasn1:0.1.2

* cpe:/a:gnu:libtasn1:0.1.1

* cpe:/a:gnu:libtasn1:0.1.0

* cpe:/a:gnu:libtasn1:2.11 and previous versions

* cpe:/a:gnu:gnutls:2.12.0

* cpe:/a:gnu:gnutls:2.12.1

* cpe:/a:gnu:gnutls:1.0.22

* cpe:/a:gnu:gnutls:1.0.23

* cpe:/a:gnu:gnutls:1.0.20

* cpe:/a:gnu:gnutls:1.0.21

* cpe:/a:gnu:gnutls:1.0.18

* cpe:/a:gnu:gnutls:1.0.19

* cpe:/a:gnu:gnutls:1.0.16

* cpe:/a:gnu:gnutls:1.0.17

* cpe:/a:gnu:gnutls:1.1.18

* cpe:/a:gnu:gnutls:1.1.19

* cpe:/a:gnu:gnutls:1.1.16

* cpe:/a:gnu:gnutls:1.1.17

* cpe:/a:gnu:gnutls:1.1.14

* cpe:/a:gnu:gnutls:1.1.15

* cpe:/a:gnu:gnutls:1.0.24

* cpe:/a:gnu:gnutls:1.0.25

* cpe:/a:gnu:gnutls:1.1.21

* cpe:/a:gnu:gnutls:1.1.20

* cpe:/a:gnu:gnutls:1.1.23

* cpe:/a:gnu:gnutls:1.1.22

* cpe:/a:gnu:gnutls:1.2.1

* cpe:/a:gnu:gnutls:2.12.10

* cpe:/a:gnu:gnutls:1.2.0

* cpe:/a:gnu:gnutls:1.2.11

* cpe:/a:gnu:gnutls:1.2.10

* cpe:/a:gnu:gnutls:1.2.3

* cpe:/a:gnu:gnutls:1.2.2

* cpe:/a:gnu:gnutls:1.2.5

* cpe:/a:gnu:gnutls:1.2.4

* cpe:/a:gnu:gnutls:1.2.7

* cpe:/a:gnu:gnutls:1.2.6

* cpe:/a:gnu:gnutls:1.2.8.1a1

* cpe:/a:gnu:gnutls:1.2.8

* cpe:/a:gnu:gnutls:1.2.9

* cpe:/a:gnu:gnutls:1.3.0

* cpe:/a:gnu:gnutls:1.3.1

* cpe:/a:gnu:gnutls:1.3.2

* cpe:/a:gnu:gnutls:1.3.3

* cpe:/a:gnu:gnutls:1.3.4

* cpe:/a:gnu:gnutls:1.3.5

* cpe:/a:gnu:gnutls:2.10.0

* cpe:/a:gnu:gnutls:1.4.0

* cpe:/a:gnu:gnutls:1.4.1

* cpe:/a:gnu:gnutls:2.10.1

* cpe:/a:gnu:gnutls:2.10.2

* cpe:/a:gnu:gnutls:2.10.3

* cpe:/a:gnu:gnutls:2.10.4

* cpe:/a:gnu:gnutls:1.4.5

* cpe:/a:gnu:gnutls:2.10.5

* cpe:/a:gnu:gnutls:1.6.3

* cpe:/a:gnu:gnutls:1.7.14

* cpe:/a:gnu:gnutls:1.7.15

* cpe:/a:gnu:gnutls:1.7.12

* cpe:/a:gnu:gnutls:2.0.4

* cpe:/a:gnu:gnutls:1.7.13

* cpe:/a:gnu:gnutls:1.7.18

* cpe:/a:gnu:gnutls:1.1.13

* cpe:/a:gnu:gnutls:1.7.19

* cpe:/a:gnu:gnutls:1.7.16

* cpe:/a:gnu:gnutls:1.7.17

* cpe:/a:gnu:gnutls:2.0.2

* cpe:/a:gnu:gnutls:1.5.0

* cpe:/a:gnu:gnutls:2.0.3

* cpe:/a:gnu:gnutls:1.4.4

* cpe:/a:gnu:gnutls:2.0.0

* cpe:/a:gnu:gnutls:1.4.3

* cpe:/a:gnu:gnutls:2.0.1

* cpe:/a:gnu:gnutls:1.4.2

* cpe:/a:gnu:gnutls:2.1.2

* cpe:/a:gnu:gnutls:1.5.4

* cpe:/a:gnu:gnutls:2.1.3

* cpe:/a:gnu:gnutls:1.5.3

* cpe:/a:gnu:gnutls:2.1.0

* cpe:/a:gnu:gnutls:1.5.2

* cpe:/a:gnu:gnutls:2.1.1

* cpe:/a:gnu:gnutls:1.5.1

* cpe:/a:gnu:gnutls:2.1.7

* cpe:/a:gnu:gnutls:1.6.1

* cpe:/a:gnu:gnutls:2.1.6

* cpe:/a:gnu:gnutls:1.6.2

* cpe:/a:gnu:gnutls:2.1.5

* cpe:/a:gnu:gnutls:1.5.5

* cpe:/a:gnu:gnutls:2.1.4

* cpe:/a:gnu:gnutls:1.6.0

* cpe:/a:gnu:gnutls:1.7.2

* cpe:/a:gnu:gnutls:1.7.3

* cpe:/a:gnu:gnutls:1.7.0

* cpe:/a:gnu:gnutls:2.1.8

* cpe:/a:gnu:gnutls:1.7.1

* cpe:/a:gnu:gnutls:1.7.6

* cpe:/a:gnu:gnutls:1.7.7

* cpe:/a:gnu:gnutls:1.7.4

* cpe:/a:gnu:gnutls:1.7.5

* cpe:/a:gnu:gnutls:1.7.10

* cpe:/a:gnu:gnutls:1.7.11

* cpe:/a:gnu:gnutls:1.7.8

* cpe:/a:gnu:gnutls:1.7.9

* cpe:/a:gnu:gnutls:2.5.0

* cpe:/a:gnu:gnutls:2.12.2

* cpe:/a:gnu:gnutls:2.12.3

* cpe:/a:gnu:gnutls:2.12.4

* cpe:/a:gnu:gnutls:2.12.5

* cpe:/a:gnu:gnutls:2.6.0

* cpe:/a:gnu:gnutls:2.4.0

* cpe:/a:gnu:gnutls:2.6.2

* cpe:/a:gnu:gnutls:2.6.3

* cpe:/a:gnu:gnutls:2.6.4

* cpe:/a:gnu:gnutls:2.6.5

* cpe:/a:gnu:gnutls:2.4.2

* cpe:/a:gnu:gnutls:2.4.1

* cpe:/a:gnu:gnutls:2.6.6

* cpe:/a:gnu:gnutls:2.8.0

* cpe:/a:gnu:gnutls:2.8.1

* cpe:/a:gnu:gnutls:2.6.1

* cpe:/a:gnu:gnutls:3.0.14

* cpe:/a:gnu:gnutls:3.0.12

* cpe:/a:gnu:gnutls:3.0.13

* cpe:/a:gnu:gnutls:2.7.4

* cpe:/a:gnu:gnutls:3.0.11

* cpe:/a:gnu:gnutls:2.3.11

* cpe:/a:gnu:gnutls:2.12.6.1

* cpe:/a:gnu:gnutls:2.12.6

* cpe:/a:gnu:gnutls:2.12.7

* cpe:/a:gnu:gnutls:2.12.8

* cpe:/a:gnu:gnutls:2.12.9

* cpe:/a:gnu:gnutls:2.12.11

* cpe:/a:gnu:gnutls:2.12.12

* cpe:/a:gnu:gnutls:2.12.13

* cpe:/a:gnu:gnutls:3.0.0

* cpe:/a:gnu:gnutls:3.0.1

* cpe:/a:gnu:gnutls:3.0.2

* cpe:/a:gnu:gnutls:3.0.3

* cpe:/a:gnu:gnutls:3.0.4

* cpe:/a:gnu:gnutls:3.0.5

* cpe:/a:gnu:gnutls:3.0.6

* cpe:/a:gnu:gnutls:2.4.3

* cpe:/a:gnu:gnutls:2.8.2

* cpe:/a:gnu:gnutls:2.8.3

* cpe:/a:gnu:gnutls:2.8.4

* cpe:/a:gnu:gnutls:2.8.5

* cpe:/a:gnu:gnutls:2.8.6

* cpe:/a:gnu:gnutls:3.0

* cpe:/a:gnu:gnutls:3.0.9

* cpe:/a:gnu:gnutls:2.2.2

* cpe:/a:gnu:gnutls:3.0.8

* cpe:/a:gnu:gnutls:2.2.1

* cpe:/a:gnu:gnutls:3.0.7

* cpe:/a:gnu:gnutls:2.2.0

* cpe:/a:gnu:gnutls:2.12.14

* cpe:/a:gnu:gnutls:2.2.5

* cpe:/a:gnu:gnutls:2.2.4

* cpe:/a:gnu:gnutls:3.0.10

* cpe:/a:gnu:gnutls:2.2.3

* cpe:/a:gnu:gnutls:2.3.2

* cpe:/a:gnu:gnutls:2.3.1

* cpe:/a:gnu:gnutls:2.3.0

* cpe:/a:gnu:gnutls:2.3.6

* cpe:/a:gnu:gnutls:2.3.5

* cpe:/a:gnu:gnutls:2.3.4

* cpe:/a:gnu:gnutls:2.3.3

* cpe:/a:gnu:gnutls:2.3.10

* cpe:/a:gnu:gnutls:2.3.9

* cpe:/a:gnu:gnutls:2.3.8

* cpe:/a:gnu:gnutls:2.3.7

* cpe:/a:gnu:gnutls:3.0.15 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Numeric Errors (CWE-189)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1569