Your submission was sent successfully! Close

CVE-2017-6891

Published: 22 May 2017

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
libtasn1-3
Launchpad, Ubuntu, Debian
precise
Released (2.10-1ubuntu1.6)
trusty Does not exist

upstream Needs triage

xenial Does not exist

yakkety Does not exist

zesty Does not exist

libtasn1-6
Launchpad, Ubuntu, Debian
precise Does not exist

trusty
Released (3.4-3ubuntu0.5)
upstream
Released (4.10-1.1)
xenial
Released (4.7-3ubuntu0.16.04.2)
yakkety
Released (4.9-4ubuntu0.1)
zesty
Released (4.10-1ubuntu0.1)