Your submission was sent successfully! Close

CVE-2015-2806

Published: 1 April 2015

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.

Notes

AuthorNote
tyhicks
In Precise and older, it may make sense to just do the one-line
change of increasing the temp array to 22 bytes. More investigation needed.
Priority

Medium

Status

Package Release Status
libtasn1-3
Launchpad, Ubuntu, Debian
lucid
Released (2.4-1ubuntu0.3)
precise
Released (2.10-1ubuntu1.3)
trusty Does not exist

upstream Needs triage

utopic Does not exist

libtasn1-6
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

trusty
Released (3.4-3ubuntu0.2)
upstream Needs triage

utopic
Released (4.0-2ubuntu0.1)
Patches:
upstream: http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=e47b2a0651ffe1867c844968ade7f6127957bf13 (3.x bp)
upstream: http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=f7ae724333b59013413158b88e10cdb936c5eeab (3.x)
upstream: http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=e47b2a0651ffe1867c844968ade7f6127957bf13 (4.x bp)
upstream: http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=4d4f992826a4962790ecd0cce6fbba4a415ce149 (4.x)