Bug#1125063: libtasn1-6: CVE-2025-13151
Moritz Mühlenhoff
jmm at inutil.org
Thu Jan 8 20:05:24 GMT 2026
Source: libtasn1-6
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libtasn1-6.
CVE-2025-13151[0]:
| Stack-based buffer overflow in libtasn1 version: v4.20.0. The
| function fails to validate the size of input data resulting in a
| buffer overflow in asn1_expend_octet_string.
Patch isn't merged yet:
https://gitlab.com/gnutls/libtasn1/-/merge_requests/121
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-13151
https://www.cve.org/CVERecord?id=CVE-2025-13151
Please adjust the affected versions in the BTS as needed.