NULL Pointer Dereference in libtasn1-6

Do your applications use this vulnerable package? Test your applications

Overview

The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.

References

CVE Details
Debian Security Advisory
Debian Security Tracker
Gentoo Security Advisory
MLIST
RedHat Bugzilla Bug
Ubuntu CVE Tracker
Ubuntu Security Advisory

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2017-10790
CWE: CWE-476
Snyk ID: SNYK-DEBIAN8-LIBTASN16-339622
Disclosed: 02 Jul, 2017
Published: 02 Jul, 2017

NULL Pointer Dereference
Affecting libtasn1-6 package, versions <4.2-3+deb8u4

Overview

References

CVSS Score

NULL Pointer Dereference Affecting libtasn1-6 package, versions <4.2-3+deb8u4

Overview

References

NULL Pointer Dereference
Affecting libtasn1-6 package, versions <4.2-3+deb8u4