CVE-2015-2806
Published: 1 April 2015
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
Notes
Author | Note |
---|---|
tyhicks | In Precise and older, it may make sense to just do the one-line change of increasing the temp array to 22 bytes. More investigation needed. |
Priority
Status
Package | Release | Status |
---|---|---|
libtasn1-3 Launchpad, Ubuntu, Debian |
lucid |
Released
(2.4-1ubuntu0.3)
|
precise |
Released
(2.10-1ubuntu1.3)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|
|
libtasn1-6 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
trusty |
Released
(3.4-3ubuntu0.2)
|
|
upstream |
Needs triage
|
|
utopic |
Released
(4.0-2ubuntu0.1)
|
|
Patches: upstream: http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=e47b2a0651ffe1867c844968ade7f6127957bf13 upstream: http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=f7ae724333b59013413158b88e10cdb936c5eeab upstream: http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=e47b2a0651ffe1867c844968ade7f6127957bf13 upstream: http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=4d4f992826a4962790ecd0cce6fbba4a415ce149 |