{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"libtasn1 security update", "category":"general", "title":"Synopsis" }, { "text":"An update for libtasn1 is now available for openEuler-24.03-LTS-SP1", "category":"general", "title":"Summary" }, { "text":"Libtasn1 is the ASN.1 library used by GnuTLS, p11-kit and some other packages. The goal of this implementation is to be highly portable, and only require an ANSI C99 platform.This library provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions.\n\nSecurity Fix(es):\n\nStack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.(CVE-2025-13151)", "category":"general", "title":"Description" }, { "text":"An update for libtasn1 is now available for openEuler-24.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"libtasn1", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1179", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1179" }, { "summary":"CVE-2025-13151", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-13151&packageName=libtasn1" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13151" }, { "summary":"openEuler-SA-2026-1179 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1179.json" } ], "title":"An update for libtasn1 is now available for openEuler-24.03-LTS-SP1", "tracking":{ "initial_release_date":"2026-01-22T09:59:50+08:00", "revision_history":[ { "date":"2026-01-22T09:59:50+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-01-22T09:59:50+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-01-22T09:59:50+08:00", "id":"openEuler-SA-2026-1179", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"openEuler-24.03-LTS-SP1", "name":"openEuler-24.03-LTS-SP1" }, "name":"openEuler-24.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"libtasn1-help-4.19.0-3.oe2403sp1.noarch.rpm", "name":"libtasn1-help-4.19.0-3.oe2403sp1.noarch.rpm" }, "name":"libtasn1-help-4.19.0-3.oe2403sp1.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"libtasn1-4.19.0-3.oe2403sp1.aarch64.rpm", "name":"libtasn1-4.19.0-3.oe2403sp1.aarch64.rpm" }, "name":"libtasn1-4.19.0-3.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"libtasn1-debuginfo-4.19.0-3.oe2403sp1.aarch64.rpm", "name":"libtasn1-debuginfo-4.19.0-3.oe2403sp1.aarch64.rpm" }, "name":"libtasn1-debuginfo-4.19.0-3.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"libtasn1-debugsource-4.19.0-3.oe2403sp1.aarch64.rpm", "name":"libtasn1-debugsource-4.19.0-3.oe2403sp1.aarch64.rpm" }, "name":"libtasn1-debugsource-4.19.0-3.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"libtasn1-devel-4.19.0-3.oe2403sp1.aarch64.rpm", "name":"libtasn1-devel-4.19.0-3.oe2403sp1.aarch64.rpm" }, "name":"libtasn1-devel-4.19.0-3.oe2403sp1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"libtasn1-4.19.0-3.oe2403sp1.src.rpm", "name":"libtasn1-4.19.0-3.oe2403sp1.src.rpm" }, "name":"libtasn1-4.19.0-3.oe2403sp1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"libtasn1-4.19.0-3.oe2403sp1.x86_64.rpm", "name":"libtasn1-4.19.0-3.oe2403sp1.x86_64.rpm" }, "name":"libtasn1-4.19.0-3.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"libtasn1-debuginfo-4.19.0-3.oe2403sp1.x86_64.rpm", "name":"libtasn1-debuginfo-4.19.0-3.oe2403sp1.x86_64.rpm" }, "name":"libtasn1-debuginfo-4.19.0-3.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"libtasn1-debugsource-4.19.0-3.oe2403sp1.x86_64.rpm", "name":"libtasn1-debugsource-4.19.0-3.oe2403sp1.x86_64.rpm" }, "name":"libtasn1-debugsource-4.19.0-3.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"libtasn1-devel-4.19.0-3.oe2403sp1.x86_64.rpm", "name":"libtasn1-devel-4.19.0-3.oe2403sp1.x86_64.rpm" }, "name":"libtasn1-devel-4.19.0-3.oe2403sp1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"libtasn1-help-4.19.0-3.oe2403sp1.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:libtasn1-help-4.19.0-3.oe2403sp1.noarch", "name":"libtasn1-help-4.19.0-3.oe2403sp1.noarch as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"libtasn1-4.19.0-3.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:libtasn1-4.19.0-3.oe2403sp1.aarch64", "name":"libtasn1-4.19.0-3.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"libtasn1-debuginfo-4.19.0-3.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:libtasn1-debuginfo-4.19.0-3.oe2403sp1.aarch64", "name":"libtasn1-debuginfo-4.19.0-3.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"libtasn1-debugsource-4.19.0-3.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:libtasn1-debugsource-4.19.0-3.oe2403sp1.aarch64", "name":"libtasn1-debugsource-4.19.0-3.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"libtasn1-devel-4.19.0-3.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:libtasn1-devel-4.19.0-3.oe2403sp1.aarch64", "name":"libtasn1-devel-4.19.0-3.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"libtasn1-4.19.0-3.oe2403sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:libtasn1-4.19.0-3.oe2403sp1.src", "name":"libtasn1-4.19.0-3.oe2403sp1.src as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"libtasn1-4.19.0-3.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:libtasn1-4.19.0-3.oe2403sp1.x86_64", "name":"libtasn1-4.19.0-3.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"libtasn1-debuginfo-4.19.0-3.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:libtasn1-debuginfo-4.19.0-3.oe2403sp1.x86_64", "name":"libtasn1-debuginfo-4.19.0-3.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"libtasn1-debugsource-4.19.0-3.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:libtasn1-debugsource-4.19.0-3.oe2403sp1.x86_64", "name":"libtasn1-debugsource-4.19.0-3.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"libtasn1-devel-4.19.0-3.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:libtasn1-devel-4.19.0-3.oe2403sp1.x86_64", "name":"libtasn1-devel-4.19.0-3.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-13151", "notes":[ { "text":"Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:libtasn1-help-4.19.0-3.oe2403sp1.noarch", "openEuler-24.03-LTS-SP1:libtasn1-4.19.0-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libtasn1-debuginfo-4.19.0-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libtasn1-debugsource-4.19.0-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libtasn1-devel-4.19.0-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libtasn1-4.19.0-3.oe2403sp1.src", "openEuler-24.03-LTS-SP1:libtasn1-4.19.0-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libtasn1-debuginfo-4.19.0-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libtasn1-debugsource-4.19.0-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libtasn1-devel-4.19.0-3.oe2403sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:libtasn1-help-4.19.0-3.oe2403sp1.noarch", "openEuler-24.03-LTS-SP1:libtasn1-4.19.0-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libtasn1-debuginfo-4.19.0-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libtasn1-debugsource-4.19.0-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libtasn1-devel-4.19.0-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libtasn1-4.19.0-3.oe2403sp1.src", "openEuler-24.03-LTS-SP1:libtasn1-4.19.0-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libtasn1-debuginfo-4.19.0-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libtasn1-debugsource-4.19.0-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libtasn1-devel-4.19.0-3.oe2403sp1.x86_64" ], "details":"libtasn1 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1179" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:libtasn1-help-4.19.0-3.oe2403sp1.noarch", "openEuler-24.03-LTS-SP1:libtasn1-4.19.0-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libtasn1-debuginfo-4.19.0-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libtasn1-debugsource-4.19.0-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libtasn1-devel-4.19.0-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:libtasn1-4.19.0-3.oe2403sp1.src", "openEuler-24.03-LTS-SP1:libtasn1-4.19.0-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libtasn1-debuginfo-4.19.0-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libtasn1-debugsource-4.19.0-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:libtasn1-devel-4.19.0-3.oe2403sp1.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-13151" } ] }