180857 – SA18794 GnuTLS libtasn1 DER Decoding Denial of Service Vulnerabilities

Bug 180857 - SA18794 GnuTLS libtasn1 DER Decoding Denial of Service Vulnerabilities

Summary: SA18794 GnuTLS libtasn1 DER Decoding Denial of Service Vulnerabilities

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	gnutls
Sub Component:
Version:	4
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Tomas Mraz
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-02-10 10:25 UTC by Ignacio Vazquez-Abrams
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-02-13 11:42:20 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Ignacio Vazquez-Abrams 2006-02-10 10:25:25 UTC

"Evgeny Legerov has reported some vulnerabilities in GnuTLS libtasn1, which
potentially can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerabilities are caused due to errors within the DER decoder in libtasn1.
This can be exploited to crash an application that uses the library via
specially-crafted input.

The vulnerabilities have been reported in libtasn1 prior to 0.2.18 and in GnuTLS
prior to 1.2.10."

Comment 1 Tomas Mraz 2006-02-13 11:42:20 UTC

Fixed in both FC-4 updates and FC-5-devel packages.

Note You need to log in before you can comment on or make changes to this bug.