Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
605
VMScore

CVE-2017-6891

Published: 22/05/2017 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Gnu

Vulnerability Summary

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnu libtasn1 4.10

debian debian linux 8.0

apache bookkeeper 4.12.1

Vendor Advisories

Debian CVElist Bug Report Logs: libtasn1-6: CVE-2017-6891
Debian Bug report logs - #863186 libtasn1-6: CVE-2017-6891 Package: src:libtasn1-6; Maintainer for src:libtasn1-6 is Debian GnuTLS Maintainers <pkg-gnutls-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 23 May 2017 05:00:02 UTC Severity: serious Tags: fixed-upstream, p ...
Ubuntu Security Notice: libtasn1-3 vulnerability
Libtasn1 could be made to crash or run programs as your login if it opened a specially crafted file ...
Ubuntu Security Notice: libtasn1-6 vulnerability
Libtasn1 could be made to crash or run programs as your login if it opened a specially crafted file ...
Debian Security Advisories: DSA-3861-1 libtasn1-6 -- security update
Jakub Jirasek of Secunia Research discovered that libtasn1, a library used to handle Abstract Syntax Notation One structures, did not properly validate its input This would allow an attacker to cause a crash by denial-of-service, or potentially execute arbitrary code, by tricking a user into processing a maliciously crafted assignments file For t ...
Red Hat: CVE-2017-6891
Two errors in the "asn1_find_node()" function (lib/parser_auxc) within GnuTLS libtasn1 version 410 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the eg asn1Coding utility ...
Arch Linux Issues:
Two errors in the "asn1_find_node()" function (lib/parser_auxc) within GnuTLS libtasn1 version 410 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the eg asn1Coding utility ...

References

CWE-787https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/https://secuniaresearch.flexerasoftware.com/advisories/76125/http://www.securityfocus.com/bid/98641http://www.securitytracker.com/id/1038619https://security.gentoo.org/glsa/201710-11http://www.debian.org/security/2017/dsa-3861http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.htmlhttp://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=5520704d075802df25ce4ffccc010ba1641bd484https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Ehttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863186https://nvd.nist.govhttps://usn.ubuntu.com/3309-2/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook