CVE-2018-6003

Published: 22 January 2018

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.

Notes

Author: leosilva
Note: libtasn1-3 (precise) and libtasn1-6 (trusty) are not affected since vulnerable code was introduced in 4.3. bionic already has the fix.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package     Release   Status
libtasn1-3  artful    Does not exist
libtasn1-3  precise   Not vulnerable
libtasn1-3  trusty    Does not exist
libtasn1-3  upstream  Needs triage
libtasn1-3  xenial    Does not exist
libtasn1-6  artful    Released (4.12-2.1ubuntu0.1)
libtasn1-6  precise   Does not exist
libtasn1-6  trusty    Not vulnerable
libtasn1-6  upstream  Released (4.13-2)
libtasn1-6  xenial    Released (4.7-3ubuntu0.16.04.3)