CVE-2025-13151
Published: 07 January 2026
Summary
CVE-2025-13151 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Gnu Libtasn1. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 16.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-13151 is a stack-based buffer overflow vulnerability (CWE-787) in libtasn1 version 4.20.0. The flaw resides in the asn1_expend_octet_string function, which fails to validate the size of input data, resulting in a buffer overflow. This affects the libtasn1 library, a component used for ASN.1 structure management and commonly integrated into projects like GnuTLS.
The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its network accessibility, low attack complexity, and lack of requirements for privileges or user interaction. Remote, unauthenticated attackers can exploit it over the network to trigger a denial-of-service condition, such as crashing affected applications, with no impact on confidentiality or integrity.
Advisories and patches are referenced in the libtasn1 GitLab repository and merge request 121, which likely contains the fix. Further details appear in the oss-security mailing list post from January 8, 2026, and CERT vulnerability note 271649. Security practitioners should review these sources for patching instructions and verify updates in dependent software.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-206262
Vulnerability details
Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack buffer overflow in network-reachable library directly enables remote application/system crash for DoS via exploitation (CWE-787, CVSS A:H only).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely identification, reporting, and patching of the specific stack-based buffer overflow flaw in libtasn1's asn1_expend_octet_string function.
Implements memory protections such as stack canaries, DEP, and ASLR that directly mitigate exploitation of stack-based buffer overflows.
Enables automated vulnerability scanning to identify the CVE-2025-13151 buffer overflow in libtasn1 version 4.20.0.