libtasn1: asn1_find_node() based stackoverflow (CVE-2017-6891) (#7326) · Issues · alpine / aports

libtasn1: asn1_find_node() based stackoverflow (CVE-2017-6891)

Two errors in the “asn1_find_node()” function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based
buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.

References:

https://secuniaresearch.flexerasoftware.com/secunia\_research/2017-11/
https://nvd.nist.gov/vuln/detail/CVE-2017-6891

Patch:

http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484

(from redmine: issue id 7326, created on 2017-05-25, closed on 2017-05-25)

Relations:
- child #7327 (closed)
- child #7328 (closed)
- child #7329 (closed)
- child #7330 (closed)
- child #7331 (closed)

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information