CVE-2017-6891
Published: 22 May 2017
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.
Priority
Medium
CVSS 3 base score: 8.8
Status
| Package | Release | Status |
|---|---|---|
|
libtasn1-3 Launchpad, Ubuntu, Debian |
precise |
Released
(2.10-1ubuntu1.6)
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
libtasn1-6 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Released
(3.4-3ubuntu0.5)
|
|
| upstream |
Released
(4.10-1.1)
|
|
| xenial |
Released
(4.7-3ubuntu0.16.04.2)
|
|
| yakkety |
Released
(4.9-4ubuntu0.1)
|
|
| zesty |
Released
(4.10-1ubuntu0.1)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891
- https://secuniaresearch.flexerasoftware.com/advisories/76125/
- https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/
- https://ubuntu.com/security/notices/USN-3309-1
- https://ubuntu.com/security/notices/USN-3309-2
- NVD
- Launchpad
- Debian