ALT-PU-2025-3626-3

Package update libtasn1 in branch p9

Version4.20.0-alt1

Published2026-02-04

Max severityCRITICAL

Severity:

Closed issues (4)

CRITICAL9.1

Уязвимость функции asn1_encode_simple_der() библиотеки Libtasn1, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании

Published: 2022-11-08Modified: 2026-01-19

CVSS 3.xCRITICAL 9.1

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVSS 2.0CRITICAL 9.4

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:C

References

MEDIUM5.3

Уязвимость ASN.1 библиотеки Libtasn1, связанная с алгоритмической сложностью, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2025-09-27Modified: 2026-03-11

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

References

CRITICAL9.1

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.

Published: 2022-10-24Modified: 2025-05-07

CVSS 3.xCRITICAL 9.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References

MEDIUM5.3

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.

Published: 2025-02-10Modified: 2026-05-12

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References