[3.4] libtasn1: NULL pointer dereference in the _asn1_check_identifier function (CVE-2017-10790)
The _asn1_check_identifier function in GNU Libtasn1 through 4.12
causes a NULL pointer dereference and crash when reading
crafted input that triggers assignment of a NULL value within an
asn1_node structure. It may lead to a remote denial of service attack.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-10790
Patch:
(from redmine: issue id 7604, created on 2017-07-26, closed on 2017-08-03)
- Relations:
- parent #7600 (closed)
- Changesets:
- Revision 8c52e278 on 2017-08-03T13:25:29Z:
main/libtasn1: fix for CVE-2017-10790. Fixes #7604