FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
82595123-e8b8-11e4-a008-047d7b492d07	libtasn1 -- stack-based buffer overflow in asn1_der_decoding Debian reports: Hanno Boeck discovered a stack-based buffer overflow in the asn1_der_decoding function in Libtasn1, a library to manage ASN.1 structures. A remote attacker could take advantage of this flaw to cause an application using the Libtasn1 library to crash, or potentially to execute arbitrary code. Discovery 2015-04-11 Entry 2015-04-22 libtasn1 < 4.4 CVE-2015-2806 https://www.debian.org/security/2015/dsa-3220.en.html
2e7e9072-73a0-11e1-a883-001cc0a36e12	libtasn1 -- ASN.1 length decoding vulnerability Mu Dynamics, Inc. reports: Various functions using the ASN.1 length decoding logic in Libtasn1 were incorrectly assuming that the return value from asn1_get_length_der is always less than the length of the enclosing ASN.1 structure, which is only true for valid structures and not for intentionally corrupt or otherwise buggy structures. Discovery 2012-03-20 Entry 2012-03-21 Modified 2012-03-24 libtasn1 < 2.12 gnutls < 2.12.18 gnutls-devel gt 2.99 lt 3.0.16 CVE-2012-1569
1b0d2938-0766-11e6-94fa-002590263bf5	libtasn1 -- denial of service parsing malicious DER certificates GNU Libtasn1 NEWS reports: Fixes to avoid an infinite recursion when decoding without the ASN1_DECODE_FLAG_STRICT_DER flag. Reported by Pascal Cuoq. Discovery 2016-04-11 Entry 2016-04-21 libtasn1 < 4.8 CVE-2016-4008 http://www.openwall.com/lists/oss-security/2016/04/13/3 http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=blob_plain;f=NEWS;hb=e9bcdc86b920d72c9cffc2570d14eea2f6365b37

VuXML ID

Description

82595123-e8b8-11e4-a008-047d7b492d07

libtasn1 -- stack-based buffer overflow in asn1_der_decoding

Debian reports:

Hanno Boeck discovered a stack-based buffer overflow in the asn1_der_decoding function in Libtasn1, a library to manage ASN.1 structures. A remote attacker could take advantage of this flaw to cause an application using the Libtasn1 library to crash, or potentially to execute arbitrary code.

Discovery 2015-04-11
Entry 2015-04-22
libtasn1

< 4.4

CVE-2015-2806
https://www.debian.org/security/2015/dsa-3220.en.html

2e7e9072-73a0-11e1-a883-001cc0a36e12

libtasn1 -- ASN.1 length decoding vulnerability

Mu Dynamics, Inc. reports:

Various functions using the ASN.1 length decoding logic in Libtasn1 were incorrectly assuming that the return value from asn1_get_length_der is always less than the length of the enclosing ASN.1 structure, which is only true for valid structures and not for intentionally corrupt or otherwise buggy structures.

Discovery 2012-03-20
Entry 2012-03-21
Modified 2012-03-24
libtasn1

< 2.12

gnutls

< 2.12.18

gnutls-devel

gt 2.99 lt 3.0.16

CVE-2012-1569

1b0d2938-0766-11e6-94fa-002590263bf5

libtasn1 -- denial of service parsing malicious DER certificates

GNU Libtasn1 NEWS reports:

Fixes to avoid an infinite recursion when decoding without the ASN1_DECODE_FLAG_STRICT_DER flag. Reported by Pascal Cuoq.

Discovery 2016-04-11
Entry 2016-04-21
libtasn1

< 4.8

CVE-2016-4008
http://www.openwall.com/lists/oss-security/2016/04/13/3
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=blob_plain;f=NEWS;hb=e9bcdc86b920d72c9cffc2570d14eea2f6365b37