OpenSUSE: 202310-4 Severe: Libgcrypt Memory Corruption Threat
May 08, 2015 • 
LinuxSecurity Advisories 1 min read
Topics Covered
The package libtasn1 before version 4.5-1 is vulnerable to arbitrary code execution.
Arch Linux Security Advisory ASA-201505-5 ======================================== Severity: Critical Date : 2015-05-08 CVE-ID : CVE-2015-3622 Package : libtasn1 Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package libtasn1 before version 4.5-1 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 4.5-1. # pacman -Syu "libtasn1>=4.5-1" The problem has been fixed upstream in version 4.5. Workaround ========= None. Description ========== A heap-based buffer overflow flaw was found in the way the libtasn1 library decoded certain DER-encoded input. A specially crafted, DER-encoded input could cause an application using libtasn1 to perform an invalid read, causing the application to crash or, possibly, execute arbitrary code. The heap overflow happens in the function _asn1_extract_der_octet() that is called during decoding of DER-encoded input. Impact ===== A remote attacker is able to use a specially crafted certificate that is leading to arbitrary code execution during decoding. References ========= https://access.redhat.com/security/cve/CVE-2015-3622
PREVIOUS 
NEXT Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!