libtasn1: asn1_find_node() based stackoverflow (CVE-2017-6891)
Two errors in the “asn1_find_node()” function (lib/parser_aux.c)
within GnuTLS libtasn1 version 4.10 can be exploited to cause a
stacked-based
buffer overflow by tricking a user into processing a specially crafted
assignments file via the e.g. asn1Coding utility.
References:
https://secuniaresearch.flexerasoftware.com/secunia\_research/2017-11/
https://nvd.nist.gov/vuln/detail/CVE-2017-6891
Patch:
(from redmine: issue id 7326, created on 2017-05-25, closed on 2017-05-25)
- Relations:
- child #7327 (closed)
- child #7328 (closed)
- child #7329 (closed)
- child #7330 (closed)
- child #7331 (closed)