[3.7] libtasn1: Stack exhaustion due to indefinite recursion during BER decoding (CVE-2018-6003)
An issue was discovered in the _asn1_decode_simple_ber function in
decoding.c in GNU Libtasn1 before 4.13. Unlimited
recursion in the BER decoder leads to stack exhaustion and DoS.
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-6003
Patch:
https://gitlab.com/gnutls/libtasn1/commit/c593ae84cfcde8fea45787e53950e0ac71e9ca97
(from redmine: issue id 8527, created on 2018-02-21, closed on 2018-03-05)
- Relations:
- parent #8525 (closed)
- Changesets:
- Revision ebfdfada on 2018-02-28T08:15:27Z:
main/libtasn1: security fix (CVE-2018-6003)
Fixes #8527