CVE-2015-2806

high

Description

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.

References

http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154741.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154805.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155117.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155270.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155435.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155483.html

http://www.debian.org/security/2015/dsa-3220

http://www.mandriva.com/security/advisories?name=MDVSA-2015:193

http://www.openwall.com/lists/oss-security/2015/03/29/4

http://www.openwall.com/lists/oss-security/2015/03/31/2

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securityfocus.com/bid/73436

http://www.securitytracker.com/id/1032080

http://www.ubuntu.com/usn/USN-2559-1

https://access.redhat.com/errata/RHSA-2017:1860

https://security.gentoo.org/glsa/201509-04

Details

Source: MITRE

Published: 2015-04-10

Updated: 2018-01-05

Type: CWE-119

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 103010 | EulerOS 2.0 SP2 : libtasn1 (EulerOS-SA-2017-1172) | Nessus | Huawei Local Security Checks | critical |
| 103009 | EulerOS 2.0 SP1 : libtasn1 (EulerOS-SA-2017-1171) | Nessus | Huawei Local Security Checks | critical |
| 102739 | CentOS 7 : libtasn1 (CESA-2017:1860) | Nessus | CentOS Local Security Checks | critical |
| 102647 | Scientific Linux Security Update : libtasn1 on SL7.x x86_64 (20170801) | Nessus | Scientific Linux Local Security Checks | critical |
| 102285 | Oracle Linux 7 : libtasn1 (ELSA-2017-1860) | Nessus | Oracle Linux Local Security Checks | critical |
| 102146 | RHEL 7 : libtasn1 (RHSA-2017:1860) | Nessus | Red Hat Local Security Checks | critical |
| 87887 | SUSE SLED11 / SLES11 Security Update : gnutls (SUSE-SU-2016:0077-1) | Nessus | SuSE Local Security Checks | medium |
| 86135 | GLSA-201509-04 : libtasn1: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 83728 | SUSE SLED12 / SLES12 Security Update : libtasn1 (SUSE-SU-2015:0904-1) | Nessus | SuSE Local Security Checks | critical |
| 83727 | SUSE SLED11 / SLES11 Security Update : libtasn1 (SUSE-SU-2015:0901-1) | Nessus | SuSE Local Security Checks | critical |
| 83543 | SuSE 11.3 Security Update : libtasn1 (SAT Patch Number 10659) | Nessus | SuSE Local Security Checks | critical |
| 83399 | openSUSE Security Update : libtasn1 (openSUSE-2015-360) | Nessus | SuSE Local Security Checks | critical |
| 83024 | FreeBSD : libtasn1 -- stack-based buffer overflow in asn1_der_decoding (82595123-e8b8-11e4-a008-047d7b492d07) | Nessus | FreeBSD Local Security Checks | critical |
| 82955 | Fedora 20 : mingw-libtasn1-3.8-2.fc20 (2015-5390) | Nessus | Fedora Local Security Checks | critical |
| 82953 | Fedora 22 : mingw-gnutls-3.3.14-1.fc22 / mingw-libtasn1-4.4-1.fc22 (2015-5308) | Nessus | Fedora Local Security Checks | critical |
| 82951 | Fedora 21 : mingw-gnutls-3.3.14-1.fc21 / mingw-libtasn1-4.4-1.fc21 (2015-5245) | Nessus | Fedora Local Security Checks | critical |
| 82950 | Fedora 22 : libtasn1-4.4-1.fc22 (2015-5199) | Nessus | Fedora Local Security Checks | critical |
| 82872 | Fedora 20 : libtasn1-3.8-3.fc20 (2015-5182) | Nessus | Fedora Local Security Checks | critical |
| 82871 | Fedora 21 : libtasn1-4.4-1.fc21 (2015-5114) | Nessus | Fedora Local Security Checks | critical |
| 82721 | Debian DSA-3220-1 : libtasn1-3 - security update | Nessus | Debian Local Security Checks | critical |
| 82718 | Debian DLA-195-1 : libtasn1-3 security update | Nessus | Debian Local Security Checks | critical |
| 82659 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : libtasn1-3, libtasn1-6 vulnerability (USN-2559-1) | Nessus | Ubuntu Local Security Checks | critical |
| 82617 | Mandriva Linux Security Advisory : libtasn1 (MDVSA-2015:193) | Nessus | Mandriva Local Security Checks | critical |