CVE-2017-6891 log

Source
Severity High
Remote No
Type Arbitrary code execution
Description
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.
Group Package Affected Fixed Severity Status Ticket
AVG-286 lib32-libtasn1 4.10-1 4.11-1 High Fixed
AVG-285 libtasn1 4.10-1 4.11-1 High Fixed
Date Advisory Group Package Severity Description
02 Jun 2017 ASA-201706-3 AVG-285 libtasn1 High arbitrary code execution
12 Jun 2017 ASA-201706-10 AVG-286 lib32-libtasn1 High arbitrary code execution
References
https://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=5520704d075802df25ce4ffccc010ba1641bd484
https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/