647010 – dev-libs/libtasn1: CVE-2017-10790: NULL pointer dereference/DOS

Bug 647010 - dev-libs/libtasn1: CVE-2017-10790: NULL pointer dereference/DOS

Summary: dev-libs/libtasn1: CVE-2017-10790: NULL pointer dereference/DOS

Status:	RESOLVED DUPLICATE of bug 627014

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2018-02-08 16:31 UTC by Ian Zimmerman
Modified:	2018-03-14 22:52 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ian Zimmerman 2018-02-08 16:31:22 UTC

According to the RedHat bugzilla [1]:

The _asn1_check_identifier function in GNU Libtasn1 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a denial of service attack.

Upstream fix [2]

[1]
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-10790

[2]
https://gitlab.com/gnutls/libtasn1/commit/d8d805e1f2e6799bb2dff4871a8598dc83088a39

Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev

2018-03-14 22:52:23 UTC


*** This bug has been marked as a duplicate of bug 627014 ***