[3.5] libtasn1: asn1_find_node() based stackoverflow (CVE-2017-6891)
Two errors in the “asn1_find_node()” function (lib/parser_aux.c)
within GnuTLS libtasn1 version 4.10 can be exploited to cause a
stacked-based
buffer overflow by tricking a user into processing a specially crafted
assignments file via the e.g. asn1Coding utility.
References:
https://secuniaresearch.flexerasoftware.com/secunia\_research/2017-11/
https://nvd.nist.gov/vuln/detail/CVE-2017-6891
Patch:
(from redmine: issue id 7329, created on 2017-05-25, closed on 2017-05-25)
- Relations:
- parent #7326 (closed)
- Changesets:
- Revision f3deae79 on 2017-05-25T13:46:54Z:
main/libtasn1: security fix for CVE-2017-6891. Fixes #7329