CVE-2012-1569

Publication date 26 March 2012

Last updated 24 July 2024

Ubuntu priority

The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libtasn1-3	12.04 LTS precise	Fixed 2.10-1ubuntu1.1
	11.10 oneiric	Fixed 2.9-4ubuntu0.1
	11.04 natty	Fixed 2.7-1ubuntu1.1
	10.10 maverick	Ignored
	10.04 LTS lucid	Fixed 2.4-1ubuntu0.1
	8.04 LTS hardy	Fixed 1.1-1ubuntu0.1

Notes

jdstrand

per Simon Josefsson (upstream), asn1_get_length_der() does not itself have the vulnerability, but that callers wouldn't check its return code which could cause a DoS. It was deemed easier for asn1_get_length_der() to throw an error rather than changing all callers. archive grep results for asn1_get_length_der(): https://chinstrap.canonical.com/~jamie/libtasn1.log

mdeslaur

gnutls test: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=88138dc44fc00f2887956d71e0febd2656e1fd9f libtasn test: http://git.savannah.gnu.org/cgit/libtasn1.git/plain/tests/Test_overflow.c

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libtasn1-3	Upstream: http://article.gmane.org/gmane.comp.gnu.libtasn1.general/54 Vendor: http://www.debian.org/security/2012/dsa-2440

References

Related Ubuntu Security Notices (USN)