Buffer overflow in libtasn1 (Alpine package)

1) Buffer overflow

EUVDB-ID: #VU6890

Risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-6891

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

A remote attacker can execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 when processing a specially crafted assignments file via the e.g. asn1Coding utility. A remote attacker can trick the victim into opening a specially crafted file, trigger stack-based buffer overflow and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

libtasn1 (Alpine package): 4.2-r0 - 4.7-r1

CPE2.3

• cpe:2.3:a:alpine:libtasn1_alpine_package:4.2-r0:*:*:*:*:alpine_linux:*:3.1
• cpe:2.3:a:alpine:libtasn1_alpine_package:4.5-r0:*:*:*:*:alpine_linux:*:3.1
• cpe:2.3:a:alpine:libtasn1_alpine_package:4.5-r1:*:*:*:*:alpine_linux:*:3.1

External links

https://git.alpinelinux.org/aports/commit/?id=27d555772117e0ca1d61186c922d703e77ba3cef
https://git.alpinelinux.org/aports/commit/?id=f3deae790a5e13e6419c1bf4f0c5f62c4d5206db
https://git.alpinelinux.org/aports/commit/?id=0620c144b585c1544a4ef2cbded07c036ac938ff
https://git.alpinelinux.org/aports/commit/?id=6600118fbc5b3bf77dd21d8734636a98d92b5519
https://git.alpinelinux.org/aports/commit/?id=9c7bef126531b81cd07fa8fb09f8fde105afe6ca

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.