According to the RedHat bugzilla [1]:

It was found that indefinite string encoding is decoded via recursion in _asn1_decode_simple_ber() which can lead to stack exhaustion when processing specially crafted string.

Upstream fix [2]

[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-6003
[2] https://gitlab.com/gnutls/libtasn1/commit/c593ae84cfcde8fea45787e53950e0ac71e9ca97

Reproducible: Always
CVE ID: CVE-2018-6003
Summary: An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.

@Maintainers 4.13 in tree, please call for stabilization when ready.
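The failure mode described in the two comments above, as an added example that is not part of this bug report and not libtasn1's code: a small C walker for indefinite-length BER that carries a depth counter and rejects input nested past a fixed cap instead of recursing without bound. The names ber_walk and walk_nested and the cap of 16 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define BER_MAX_DEPTH 16 /* assumed cap for this sketch, not libtasn1's value */
enum { BER_OK = 0, BER_MALFORMED = -1, BER_TOO_DEEP = -2 };

/* Walk one BER TLV at p[0..len) and store its total size in *used.
 * Single-byte tags only; definite-length contents are skipped as opaque and
 * long-form lengths are rejected to keep the sketch small. */
static int ber_walk(const unsigned char *p, size_t len, unsigned depth,
                    size_t *used)
{
    if (depth > BER_MAX_DEPTH)
        return BER_TOO_DEEP;            /* refuse before recursing further */
    if (len < 2 || (p[0] & 0x1f) == 0x1f)
        return BER_MALFORMED;
    if (p[1] < 0x80) {                  /* short definite length */
        if ((size_t)p[1] > len - 2)
            return BER_MALFORMED;
        *used = 2 + (size_t)p[1];
        return BER_OK;
    }
    if (p[1] != 0x80 || !(p[0] & 0x20))
        return BER_MALFORMED;           /* indefinite form must be constructed */
    for (size_t off = 2;;) {            /* children until end-of-contents 00 00 */
        if (len - off < 2)
            return BER_MALFORMED;       /* ran out of input before 00 00 */
        if (p[off] == 0x00 && p[off + 1] == 0x00) {
            *used = off + 2;
            return BER_OK;
        }
        size_t child = 0;
        int rc = ber_walk(p + off, len - off, depth + 1, &child);
        if (rc != BER_OK)
            return rc;
        off += child;                   /* child >= 2, so the loop advances */
    }
}

/* Constructed test input: n nested "24 80" headers closed by n "00 00". */
static int walk_nested(unsigned n)
{
    unsigned char buf[4 * 64] = {0};
    size_t used = 0;
    if (n == 0 || n > 64)
        return BER_MALFORMED;
    for (unsigned i = 0; i < n; i++) { buf[2 * i] = 0x24; buf[2 * i + 1] = 0x80; }
    return ber_walk(buf, 4 * (size_t)n, 0, &used);
}

int main(void) { printf("%d %d\n", walk_nested(3), walk_nested(18)); return 0; }
```

The outermost element sits at depth 0, so 17 nested levels are still accepted and the 18th is refused with BER_TOO_DEEP.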
@arches, please stabilize.
ia64 stable
amd64 stable
arm64 stable
x86 stable
ppc64 stable
Stable on alpha.
ppc stable
arm stable
@hppa?
hppa stable
GLSA Vote: No

@maintainer(s), please clean the vulnerable versions.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c77661f3bd26696bd9f99671369a67fb56a445c5

commit c77661f3bd26696bd9f99671369a67fb56a445c5
Author:     Alon Bar-Lev <alonbl@gentoo.org>
AuthorDate: 2018-04-22 21:14:27 +0000
Commit:     Alon Bar-Lev <alonbl@gentoo.org>
CommitDate: 2018-04-22 21:15:19 +0000

    dev-libs/libtasn1: cleanup

    Bug: https://bugs.gentoo.org/show_bug.cgi?id=647012
    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 dev-libs/libtasn1/Manifest | 1 -
 .../files/libtasn1-4.12-CVE-2017-10790.patch | 55 ----------------------
 dev-libs/libtasn1/libtasn1-4.12-r1.ebuild | 50 --------------------
 3 files changed, 106 deletions(-)}
(In reply to Larry the Git Cow from comment #14)
> The bug has been referenced in the following commit(s):
>
> https://gitweb.gentoo.org/repo/gentoo.git/commit/
> ?id=c77661f3bd26696bd9f99671369a67fb56a445c5
>
> commit c77661f3bd26696bd9f99671369a67fb56a445c5
> Author: Alon Bar-Lev <alonbl@gentoo.org>
> AuthorDate: 2018-04-22 21:14:27 +0000
> Commit: Alon Bar-Lev <alonbl@gentoo.org>
> CommitDate: 2018-04-22 21:15:19 +0000
>
> dev-libs/libtasn1: cleanup
>
> Bug: https://bugs.gentoo.org/show_bug.cgi?id=647012
> Package-Manager: Portage-2.3.24, Repoman-2.3.6
>
> dev-libs/libtasn1/Manifest | 1 -
> .../files/libtasn1-4.12-CVE-2017-10790.patch | 55
> ----------------------
> dev-libs/libtasn1/libtasn1-4.12-r1.ebuild | 50 --------------------
> 3 files changed, 106 deletions(-)}

Thanks, Alon!