CVE-2017-10790
Published 2017-07-02
Priority: P3 · 37 · high
CVSS 3.0: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS: 4.99% (91.1th percentile)
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libtasn1-6 | < libtasn1-6 4.12-2.1 (bookworm) | libtasn1-6 4.12-2.1 (bookworm) |
| gnu | libtasn1 | <= 4.12 | — |
CVSS provenance
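| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |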
Ubuntu
Libtasn1 vulnerabilities
vendor_ubuntu·2018-01-25·CVSS 7.5
CVE-2017-10790 [HIGH] Libtasn1 vulnerabilities
Title: Libtasn1 vulnerabilities
Summary: Several security issues were fixed in Libtasn1.
It was discovered that Libtasn1 incorrectly handled certain files.
If a user were tricked into opening a crafted file, an attacker could possibly
use this to cause a denial of service. This issue only affected Ubuntu 14.04
LTS and Ubuntu 16.04 LTS. (CVE-2017-10790)
It was discovered that Libtasn1 incorrectly handled certain inputs.
An attacker could possibly use this to cause Libtasn1 to hang, resulting
in a denial of service. This issue only affected Ubuntu 16.04 LTS and
Ubuntu 17.10. (CVE-2018-6003)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libtasn1: NULL pointer dereference in the _asn1_check_identifier function
vendor_redhat·2017-06-22·CVSS 7.5
CVE-2017-10790 [HIGH] CWE-476 libtasn1: NULL pointer dereference in the _asn1_check_identifier function
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.
Package: libtasn1 (Red Hat Enterprise Linux 6) - Will not fix
Package: libtasn1 (Red Hat Enterprise Linux 7) - Will not fix
Package: mingw-virt-viewer (Red Hat Enterprise Virtualization 3) - Will not fix
Package: libtasn1 (Red Hat Satellite 6) - Will not fix
Debian
CVE-2017-10790: libtasn1-6 - The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL p...
vendor_debian·2017·CVSS 7.5
CVE-2017-10790 [HIGH] CVE-2017-10790: libtasn1-6 - The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL p...
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.
Scope: local
bookworm: resolved (fixed in 4.12-2.1)
bullseye: resolved (fixed in 4.12-2.1)
forky: resolved (fixed in 4.12-2.1)
sid: resolved (fixed in 4.12-2.1)
trixie: resolved (fixed in 4.12-2.1)
GHSA
GHSA-xcv8-6xfc-9686: The _asn1_check_identifier function in GNU Libtasn1 through 4
ghsa_unreviewed·2022-05-13
CVE-2017-10790 [HIGH] CWE-476 GHSA-xcv8-6xfc-9686: The _asn1_check_identifier function in GNU Libtasn1 through 4
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.
OSV
libtasn1-6 vulnerabilities
osv·2018-01-25·CVSS 7.5
CVE-2017-10790 [HIGH] libtasn1-6 vulnerabilities
It was discovered that Libtasn1 incorrectly handled certain files.
If a user were tricked into opening a crafted file, an attacker could possibly
use this to cause a denial of service. This issue only affected Ubuntu 14.04
LTS and Ubuntu 16.04 LTS. (CVE-2017-10790)
It was discovered that Libtasn1 incorrectly handled certain inputs.
An attacker could possibly use this to cause Libtasn1 to hang, resulting
in a denial of service. This issue only affected Ubuntu 16.04 LTS and
Ubuntu 17.10. (CVE-2018-6003)
OSV
CVE-2017-10790: The _asn1_check_identifier function in GNU Libtasn1 through 4
osv·2017-07-02·CVSS 7.5
CVE-2017-10790 [HIGH] CVE-2017-10790: The _asn1_check_identifier function in GNU Libtasn1 through 4
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-10790 mingw-libtasn1: libtasn1: NULL pointer dereference in the _asn1_check_identifier function [fedora-all]
bugzilla·2017-07-20·CVSS 7.5
CVE-2017-10790 [HIGH] CVE-2017-10790 mingw-libtasn1: libtasn1: NULL pointer dereference in the _asn1_check_identifier function [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this i
Bugzilla
CVE-2017-10790 mingw-libtasn1: libtasn1: NULL pointer dereference in the _asn1_check_identifier function [epel-7]
bugzilla·2017-07-20·CVSS 7.5
CVE-2017-10790 [HIGH] CVE-2017-10790 mingw-libtasn1: libtasn1: NULL pointer dereference in the _asn1_check_identifier function [epel-7]
Bugzilla
CVE-2017-10790 libtasn1: NULL pointer dereference in the _asn1_check_identifier function [fedora-all]
bugzilla·2017-07-20·CVSS 7.5
CVE-2017-10790 [HIGH] CVE-2017-10790 libtasn1: NULL pointer dereference in the _asn1_check_identifier function [fedora-all]
Bugzilla
CVE-2017-10790 libtasn1: NULL pointer dereference in the _asn1_check_identifier function
bugzilla·2017-07-20·CVSS 7.5
CVE-2017-10790 [HIGH] CVE-2017-10790 libtasn1: NULL pointer dereference in the _asn1_check_identifier function
The _asn1_check_identifier function in GNU Libtasn1 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a denial of service attack.
Product bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1464141
Discussion:
Created libtasn1 tracking bugs for this issue:
Affects: fedora-all [bug 1473195]
Created mingw-libtasn1 tracking bugs for this issue:
Affects: epel-7 [bug 1473196]
Affects: fedora-all [bug 1473194]
References
https://bugzilla.redhat.com/show_bug.cgi?id=1464141
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/06/msg00026.html
https://security.gentoo.org/glsa/201710-11
https://usn.ubuntu.com/3547-1/
https://www.debian.org/security/2018/dsa-4106