FreeBSD : libtasn1 -- ASN.1 length decoding vulnerability (2e7e9072-73a0-11e1-a883-001cc0a36e12)
Medium Nessus Plugin ID 58422
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Mu Dynamics, Inc. reports:
Various functions using the ASN.1 length decoding logic in Libtasn1 were incorrectly assuming that the return value from asn1_get_length_der is always less than the length of the enclosing ASN.1 structure, which is only true for valid structures and not for intentionally corrupt or otherwise buggy structures.
Solution
Update the affected packages.
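The caller-side check that the description above says was missing, as an added example that is neither libtasn1's code nor part of the advisory. `der_get_length` and `der_content_checked` are hypothetical helpers written for illustration, and the byte arrays are constructed samples.

```c
#include <stddef.h>

/* Constructed samples: OCTET STRING tag 0x04 followed by a length field. */
const unsigned char sample_valid[]     = {0x04, 0x03, 'a', 'b', 'c'};
const unsigned char sample_corrupt[]   = {0x04, 0x82, 0x10, 0x00, 'a'}; /* claims 4096 bytes */
const unsigned char sample_truncated[] = {0x04, 0x82, 0x10};            /* length field cut off */

/* Hypothetical decoder (not asn1_get_length_der): parse the DER length field
 * at der[0..der_len). Returns the claimed content length, or -1 if the field
 * itself is malformed. *len_len receives the number of octets the field used.
 * Like any length decoder, it reports what the encoding claims; it cannot know
 * how much content really follows. */
long der_get_length(const unsigned char *der, size_t der_len, size_t *len_len)
{
    *len_len = 0;
    if (der_len == 0) return -1;
    if (!(der[0] & 0x80)) {             /* short form: 0..127 */
        *len_len = 1;
        return der[0];
    }
    size_t n = der[0] & 0x7f;           /* long form: n length octets follow */
    if (n == 0 || n > 4 || n + 1 > der_len) return -1; /* indefinite, oversized, truncated */
    unsigned long v = 0;
    for (size_t i = 1; i <= n; i++) v = (v << 8) | der[i];
    if (v > 0x7fffffffUL) return -1;    /* keep the result representable as long */
    *len_len = n + 1;
    return (long)v;
}

/* Checked caller: accept the decoded length only if the content fits in what
 * is left of the enclosing buffer. Returns the content offset, or -1. */
long der_content_checked(const unsigned char *der, size_t der_len, size_t *content_len)
{
    size_t len_len;
    if (der_len < 2) return -1;         /* need a tag and one length octet */
    long len = der_get_length(der + 1, der_len - 1, &len_len);
    if (len < 0) return -1;
    size_t remaining = der_len - 1 - len_len;
    if ((size_t)len > remaining) return -1; /* claimed length overruns the structure */
    *content_len = (size_t)len;
    return (long)(1 + len_len);
}
```

On `sample_corrupt` the decoder alone returns 4096 even though one content byte remains, which is why the comparison against `remaining` has to happen in every caller.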