CVE-2015-2806 — HIGH (10.0)

Q: What is CVE-2015-2806?

CVE-2015-2806 is a vulnerability with a CVSS score of 10.0 (HIGH). Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.

Q: How severe is CVE-2015-2806?

CVE-2015-2806 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-2806?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Debian Debian Linux, Fedoraproject Fedora, Gnu Libtasn1.

Vulnerability Description

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Canonical	Ubuntu Linux	10.04
Debian	Debian Linux	7.0
Fedoraproject	Fedora	20
Gnu	Libtasn1	<= 4.3

Related Weaknesses (CWE)

CWE-119

References

http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=4d4f992826a496
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154741.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154805.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155117.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155270.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155435.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155483.htmlThird Party Advisory
http://www.debian.org/security/2015/dsa-3220Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:193Broken Link
http://www.openwall.com/lists/oss-security/2015/03/29/4Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2015/03/31/2Mailing ListThird Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/73436
http://www.securitytracker.com/id/1032080Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-2559-1Third Party Advisory

FAQ

What is CVE-2015-2806?

CVE-2015-2806 is a vulnerability with a CVSS score of 10.0 (HIGH). Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.

How severe is CVE-2015-2806?

CVE-2015-2806 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-2806?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Debian Debian Linux, Fedoraproject Fedora, Gnu Libtasn1.