The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow that allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted certificate in the TLS certificate handshake message, because the result of get_asn1_length() is not checked for a minimum or maximum size.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-12-03T20:00:43

Updated: 2024-08-04T22:10:08.438Z

Reserved: 2019-03-24T00:00:00

Link: CVE-2019-10013

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-12-03T20:15:10.950

Modified: 2024-11-21T04:18:12.980

Link: CVE-2019-10013

cve-icon Redhat

No data.