[3.6] libtasn1: asn1_find_node() based stackoverflow (CVE-2017-6891) (#7328) · Issues · alpine / aports

[3.6] libtasn1: asn1_find_node() based stackoverflow (CVE-2017-6891)

Two errors in the “asn1_find_node()” function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based
buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.

References:

https://secuniaresearch.flexerasoftware.com/secunia\_research/2017-11/
https://nvd.nist.gov/vuln/detail/CVE-2017-6891

Patch:

http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484

(from redmine: issue id 7328, created on 2017-05-25, closed on 2017-05-25)

Relations:
- parent #7326 (closed)
Changesets:
- Revision 9c7bef12 on 2017-05-25T13:33:37Z:

main/libtasn1: security fix for CVE-2017-6891. Fixes #7328

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information