#VU6890 Buffer overflow in libtASN1 - CVE-2017-6891


Vulnerability identifier: #VU6890

Vulnerability risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-6891

CWE-ID: CWE-121

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libtASN1
Universal components / Libraries / Libraries used by multiple products

Vendor: GNU

Description
A remote attacker can execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 when processing a specially crafted assignments file via the e.g. asn1Coding utility. A remote attacker can trick the victim into opening a specially crafted file, trigger stack-based buffer overflow and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation
Install update form GIT repository.

Vulnerable software versions

libtASN1: 4.0 - 4.10

External links
https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/
https://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd4...

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for libtasn1
OpenSUSE Linux update for libtasn1
Gentoo update for GNU Libtasn1
Ubuntu update for Libtasn1
Arch Linux update for lib32-libtasn1
Ubuntu update for GNU Libtasn1
Remote code execution in GNU Libtasn1
Arch Linux update for libtasn1
Buffer overflow in libtasn1 (Alpine package)
Debian update for libtasn1-6