CVE-2017-6891

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GnuTLS libtasn1 version 4.10

Description The issue is related to two errors in the asn1 find node() function within the libtasn1 library of GnuTLS. These errors can be exploited to cause a stack-based buffer overflow. This can happen when a user is tricked into processing a specially crafted assignments file, for example, via the asn1Coding utility.

Recommendations For GnuTLS libtasn1 version 4.10, consider restricting the use of the asn1 find node() function until a patch is available. As a temporary workaround, avoid processing specially crafted assignments files with the asn1Coding utility to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2017-1744

CVE-2017-6891

DLA-950-1

DSA-3861-1

MGASA-2017-0159

OPENSUSE-SU-2019_1510-1

SUSE-SU-2017:1886-1

SUSE-SU-2017_1886-1

SUSE-SU-2019:1379-1

SUSE-SU-2019_1379-1

SUSE-SU-2022:3797-1

SUSE-SU-2022_3797-1

USN-3309-1

USN-3309-2

Affected Products

Alt Linux

Gnutls

Suse

Ubuntu

Libtasn1

CVE-2017-6891

Weakness Enumeration

Related Identifiers

Affected Products

References · 61