CVE-2017-6891

Published: 22 May 2017

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stack-based buffer overflow by tricking a user into processing a specially crafted assignments file via, e.g., the asn1Coding utility.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package: libtasn1-3
  Upstream: Needs triage
  Ubuntu 16.04 ESM (Xenial Xerus): Does not exist
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist

Package: libtasn1-6
  Upstream: Released (4.10-1.1)
  Ubuntu 16.04 ESM (Xenial Xerus): Released (4.7-3ubuntu0.16.04.2)
  Ubuntu 14.04 ESM (Trusty Tahr): Released (3.4-3ubuntu0.5)

Patches:
Upstream: https://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484