#1125063 libtasn1-6: CVE-2025-13151

Package:
src:libtasn1-6
Source:
src:libtasn1-6
Submitter:
Moritz Mühlenhoff
Date:
2026-06-17 19:13:04 UTC
Severity:
normal
Tags:
#1125063#5
Date:
2026-01-08 20:05:24 UTC
From:
To:
Hi,

The following vulnerability was published for libtasn1-6.

CVE-2025-13151[0]:
| Stack-based buffer overflow in libtasn1 version: v4.20.0. The
| function fails to validate the size of input data resulting in a
| buffer overflow in asn1_expend_octet_string.

Patch isn't merged yet:
https://gitlab.com/gnutls/libtasn1/-/merge_requests/121


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-13151
https://www.cve.org/CVERecord?id=CVE-2025-13151

Please adjust the affected versions in the BTS as needed.
#1125063#16
Date:
2026-01-09 18:17:43 UTC
From:
To:
[...]

Looking at the full announcement
https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2025-13151.md?ref_type=heads

CVE-2025-13151: Stack-based buffer overflow in asn1_expand_octet_string
function

Expanding an "OCTET STRING" element of a structure using the
asn1_expand_octet_string function may lead to a one-byte stack overflow
that may corrupt adjacent memory in the worst case scenario.

Severity: Low Vulnerable versions : All released version of libtasn1
Not vulnerable : libtasn1 4.21.0
[...]
Exploitation

In order to exploit this, the target program must be using the
asn1_expand_octet_string function explicitly with an excessively long
name (ASN1_MAX_NAME_SIZE = 64 characters) for both the ASN.1 definition
and the target element. Given the ASN.1 definitions are normally part of
the application code base, it is highly unlikely to be exploitable.

https://codesearch.debian.net/ only finds 4 hits for
asn1_expand_octet_string - libtasn1-6 itself, the libtasn copies in
grub2 and gnutls, and a commented call in box64.

This probably does not warrant a DSA.

cu Andreas
#1125063#21
Date:
2026-01-09 19:12:45 UTC
From:
To:
Thanks for following up. Agreed, this doesn't need a DSA; I'll update the
Security Tracker.

Cheers,
        Moritz
#1125063#26
Date:
2026-01-10 06:48:40 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
libtasn1-6, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1125063@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <ametzler@debian.org> (supplier of updated libtasn1-6 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sat, 10 Jan 2026 07:31:06 +0100
Source: libtasn1-6
Architecture: source
Version: 4.21.0-1
Distribution: experimental
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Closes: 1125063
Changes:
 libtasn1-6 (4.21.0-1) experimental; urgency=medium
 .
   * Update upstream signing key.
     (Refreshed A3CC9C870B9D310ABAD4CF2F51722B08FE4745A2 with WKD)
   * New upstream version.
     + Fixes CVE-2025-13151 (Stack-based buffer overflow in
       asn1_expand_octet_string function). Closes: #1125063
     + Update debian/copyright.
   * [lintian] Drop Rules-Requires-Root: no
   * [lintian] Drop Priority: optional
   * Standards-Version: 4.7.3
Checksums-Sha1:
 12eff0d948bb7cec44f3b47904d9afd49aa7dd09 2665 libtasn1-6_4.21.0-1.dsc
 2364d792f8f1a7400ddc8d13c41f6c9b48cc53b7 1816537 libtasn1-6_4.21.0.orig.tar.gz
 e73f3885b8ace209f84a58dc6427ad7d84e0ac06 1223 libtasn1-6_4.21.0.orig.tar.gz.asc
 656136abfee081f308f2cafce872ae5371efbabd 18780 libtasn1-6_4.21.0-1.debian.tar.xz
Checksums-Sha256:
 64602c691250e83c500b59c57a360776b695b673b3523b7b15d61ef5ea50474c 2665 libtasn1-6_4.21.0-1.dsc
 1d8a444a223cc5464240777346e125de51d8e6abf0b8bac742ac84609167dc87 1816537 libtasn1-6_4.21.0.orig.tar.gz
 a81037649b953c9ecb2e8f8fa24cb5c79456fd9af31499d6b753fa6569656807 1223 libtasn1-6_4.21.0.orig.tar.gz.asc
 9781748e7d3670ded349ef14ef760537d7b1245b36535c569cfb2ee299f0274c 18780 libtasn1-6_4.21.0-1.debian.tar.xz
Files:
 c7d0e8f789063cc95ca8207049f861cf 2665 libs optional libtasn1-6_4.21.0-1.dsc
 2ee1d9f3aa66f1e308c46a283aa9a8c2 1816537 libs optional libtasn1-6_4.21.0.orig.tar.gz
 9e9c904bf5fdc954997d20562b44cd5c 1223 libs optional libtasn1-6_4.21.0.orig.tar.gz.asc
 7a6fb7eeb1ea3efe381eaa9f8d1bcedf 18780 libs optional libtasn1-6_4.21.0-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmlh83cACgkQpU8BhUOC
FIRejRAAoYm6jZNYZBouLPCUeL6bjKMug8xwgpKzMaoiILNbkKLSETpagpiWdRVC
qz/sOm1t2hZ87fHYUF4FVf+KzAxIaPfy9cdLVBULXIh5dL6xU03qyuMtOgOiXrB8
JGnMhqiXi7Pj3L58pYydtmZYoV8r4xCgUmj86WVxqg/5LNPDY2F6jddRyDVrYzqN
bbGSSZz/fk+l7FJ4shvU9qLTG0r5GyXYE4PRsM/OHyKesZ+879U6Us8pouw6zP4F
p3v3dTm5cchVUVYSbYrXcY64vJ4x3OQtFQ6ZOOUG0FiSKb2MyJt4Uzc/xHV2+ktF
HquK6dT+KycO8PsA6NeXJCiK6ue3soUyWTMb+7l5XjzDIAblA1PZ9/fviJ0bWmA4
d+dcHCzpun1F0QW1iB7Ujs+aftJuS3n+GruhbH74wWnhswpg6WSWwS7sjV8l8tEH
34z4Woxa+MDGG/BsA/sT10ryBYwRPzwhRRHfH7dsPKVlUp4tc6qgUUGVfqbbt4w3
e+/njs4jvx+BHnQZtSI4+HMcpuwzN9zyqQ+rJ52hOssZ/fRIG2Pvn8y7uBR2OnpW
6Q+gc/HfeIM09sbFDdJaWlrT3P3mWloPiZzluC5yYKLBcEtD+lq/5FQhDiSa73Hs
bYx4SxRt11MDVPDT32ZODaG5GcArH8vRz0KcdcxeJV62GbxdwnM=
=SA1D
-----END PGP SIGNATURE-----