CVE-2017-6891 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Arbitrary code execution
Description	Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-286	lib32-libtasn1	4.10-1	4.11-1	High	Fixed
AVG-285	libtasn1	4.10-1	4.11-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
02 Jun 2017	ASA-201706-3	AVG-285	libtasn1	High	arbitrary code execution
12 Jun 2017	ASA-201706-10	AVG-286	lib32-libtasn1	High	arbitrary code execution

References
https://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=5520704d075802df25ce4ffccc010ba1641bd484 https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/