CVE-2017-6891

CWE-787 — Out-of-bounds Write CWE-121 — Stack-based Buffer Overflow CWE-119 — Buffer Overflow12 documents8 sources

Severity

8.8HIGH

EPSS

1.2%

top 21.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Flexera Software LLC Gnutls Libtasn1 Apache Bookkeeper Debian Debian Linux +1 more

Timeline

PublishedMay 22

Latest updateMay 13

Description

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5flexera_software_llc/gnutls_libtasn14.10. Other versions may also be affected.

▶Debianlibtasn1-6< 4.10-1.1+3

▶NVDgnu/libtasn14.10

▶NVDapache/bookkeeper4.12.1

Also affects: Debian Linux 8.0

Patches

Patch: secuniaresearch.flexerasoftware.com ↗Patch: secuniaresearch.flexerasoftware.com ↗

🔴Vulnerability Details

GHSA

GHSA-ch46-3x6h-7qrw: Two errors in the "asn1_find_node()" function (lib/parser_aux↗2022-05-13

▶

CVEList

CVE-2017-6891: Two errors in the "asn1_find_node()" function (lib/parser_aux↗2017-05-22

▶

OSV

CVE-2017-6891: Two errors in the "asn1_find_node()" function (lib/parser_aux↗2017-05-22

▶

📋Vendor Advisories

Ubuntu

Libtasn1 vulnerability↗2017-07-18

▶

Ubuntu

Libtasn1 vulnerability↗2017-06-05

▶

Red Hat

libtasn1: Stack-based buffer overflow in asn1_find_node()↗2017-05-18

▶

Debian

CVE-2017-6891: libtasn1-6 - Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS l...↗2017

▶

💬Community

Bugzilla

CVE-2017-6891 mingw-libtasn1: libtasn1: Stack-based buffer overflow in asn1_find_node() [fedora-all]↗2017-05-30

▶

Bugzilla

CVE-2017-6891 libtasn1: Stack-based buffer overflow in asn1_find_node() [fedora-all]↗2017-05-30

▶

Bugzilla

CVE-2017-6891 libtasn1: Stack-based buffer overflow in asn1_find_node()↗2017-05-30

▶

Bugzilla

CVE-2017-6891 mingw-libtasn1: libtasn1: Stack-based buffer overflow in asn1_find_node() [epel-7]↗2017-05-30

▶