[3.6] libtasn1: asn1_find_node() based stackoverflow (CVE-2017-6891) (#7328) · Issues · alpine / aports

[3.6] libtasn1: asn1_find_node() based stackoverflow (CVE-2017-6891)

Two errors in the “asn1_find_node()” function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based
buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.

References:

https://secuniaresearch.flexerasoftware.com/secunia\_research/2017-11/
https://nvd.nist.gov/vuln/detail/CVE-2017-6891

Patch:

http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484

(from redmine: issue id 7328, created on 2017-05-25, closed on 2017-05-25)

Relations:
- parent #7326 (closed)
Changesets:
- Revision 9c7bef12 on 2017-05-25T13:33:37Z:

main/libtasn1: security fix for CVE-2017-6891. Fixes #7328

Discussion
Designs

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.