ALT Linux Team

Package libtasn1 update in p9 on 2025-03-12

ALT-PU-2025-3626-2

Package libtasn1 updated to version 4.20.0-alt1 for branch p9 in task 376209.

Closed vulnerabilities

Published: 2022-10-24

BDU:2022-06694

Уязвимость функции asn1_encode_simple_der() библиотеки Libtasn1, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Severity: CRITICAL (9.4) Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C
References:
Published: 2022-10-24
Modified: 2025-05-07

CVE-2021-46848

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.

Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References:
Published: 2025-02-10
Modified: 2025-10-06

CVE-2024-12133

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top