Cyber Resilience

CVE-2025-13151

Severity: High

Published: 07 January 2026
Modified: 02 February 2026
KEV added: not listed
Patch: 08 January 2026
CVSS v3.1 score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS score: 0.0005 (16.0th percentile)
Risk priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-13151 is a high-severity out-of-bounds write (CWE-787) vulnerability in GNU Libtasn1. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The vulnerability is ranked at the 16.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-13151 is a stack-based buffer overflow (CWE-787) in libtasn1 version 4.20.0. The flaw lies in the asn1_expend_octet_string function, which fails to validate the size of its input data, so oversized input overflows a stack buffer. libtasn1 is the library used for ASN.1 structure management and is commonly integrated into projects such as GnuTLS, so the flaw is reachable through any application that links the affected version.

The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity because it is reachable over the network, has low attack complexity, and requires neither privileges nor user interaction. A remote, unauthenticated attacker can trigger a denial-of-service condition, such as crashing an affected application, with no impact on confidentiality or integrity.

Advisories and patches are referenced in the libtasn1 GitLab repository and in merge request 121, which likely contains the fix. Further details appear in the oss-security mailing list post of January 8, 2026, and in CERT vulnerability note 271649. Security practitioners should review these sources for patching instructions and verify that the update has reached dependent software.

Vulnerability details

Stack-based buffer overflow in libtasn1 version v4.20.0. The function asn1_expend_octet_string fails to validate the size of input data, resulting in a buffer overflow.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

A stack buffer overflow in a network-reachable library gives a remote attacker a direct way to crash the application or system that uses it, which is a denial of service (CWE-787; the CVSS vector scores only availability impact, A:H).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-4046 (same vendor: GNU)
CVE-2025-15281 (same vendor: GNU)
CVE-2025-69650 (same vendor: GNU)
CVE-2025-1125 (same vendor: GNU)
CVE-2026-4437 (same vendor: GNU)
CVE-2026-5435 (same vendor: GNU)
CVE-2025-69649 (same vendor: GNU)
CVE-2024-24422 (shared CWE-787)
CVE-2026-5928 (same vendor: GNU)
CVE-2026-41989 (shared CWE-787)

Affected Assets

Vendor: GNU
Product: libtasn1
Version: 4.20.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent: requires timely identification, reporting, and patching of the specific stack-based buffer overflow flaw in libtasn1's asn1_expend_octet_string function.

Prevent (SI-16, Memory Protection): implements memory protections such as stack canaries, DEP, and ASLR that directly mitigate exploitation of stack-based buffer overflows.

Detect (RA-5, Vulnerability Monitoring and Scanning): enables automated vulnerability scanning to identify the CVE-2025-13151 buffer overflow in libtasn1 version 4.20.0.
