Libtasn1: Denial of Service
Gentoo Linux Security Advisory
GLSA 201209-12 / libtasn1
September 25, 2012
September 25, 2012: 1
All supported architectures
A vulnerability in Libtasn1 might cause a Denial of Service
Libtasn1 is a library used to parse ASN.1 (Abstract Syntax Notation One)
objects, and perform DER (Distinguished Encoding Rules) decoding.
Libtasn1 does not properly handle length fields when performing DER
A remote attacker could entice a user to open a specially crafted
DER-encoded object in an application linked against Libtasn1, possibly
resulting in Denial of Service.
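The issue described above concerns length fields in DER decoding. The following is an added illustration, not Libtasn1's code and not a reproduction of the specific defect, of how a decoder can validate a DER length field against the bytes actually available before using it. `der_read_length` is a hypothetical helper that expects `buf` to point at the length octets (just after the tag), and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* der_read_length is a hypothetical helper, not a libtasn1 function.
 * It decodes the DER length field at buf[0..avail) and checks it against
 * the bytes actually present. On success it returns 0, sets *len to the
 * content length and *hdr to the size of the length field itself.
 * It returns -1 for any malformed or out-of-range length. */
int der_read_length(const uint8_t *buf, size_t avail, size_t *len, size_t *hdr)
{
    size_t value, used;

    if (buf == NULL || len == NULL || hdr == NULL || avail == 0)
        return -1;
    if ((buf[0] & 0x80) == 0) {           /* short form: 0..127 */
        value = buf[0];
        used = 1;
    } else {
        size_t n = buf[0] & 0x7f;         /* count of length octets */
        if (n == 0)                       /* 0x80: indefinite, not valid DER */
            return -1;
        if (n > sizeof(size_t) || n > avail - 1)
            return -1;                    /* too wide, or runs past the input */
        if (buf[1] == 0)                  /* leading zero: not minimal */
            return -1;
        value = 0;
        for (size_t i = 1; i <= n; i++)
            value = (value << 8) | buf[i];
        if (value < 0x80)                 /* should have used short form */
            return -1;
        used = 1 + n;
    }
    if (value > avail - used)             /* content must fit in what remains */
        return -1;
    *len = value;
    *hdr = used;
    return 0;
}

int main(void)
{
    /* Constructed sample: length field claims 0x0100 bytes, 2 are present. */
    const uint8_t sample[] = { 0x82, 0x01, 0x00, 0xAA, 0xBB };
    size_t len, hdr;
    int rc = der_read_length(sample, sizeof sample, &len, &hdr);
    printf("%s\n", rc == 0 ? "accepted" : "rejected");
    return 0;
}
```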
There is no known workaround at this time.
All Libtasn1 users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libtasn1-2.12"
Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying some of these packages.