Buffer Overflow Vulnerability in GnuTLS Libtasn1 Version 4.10
CVE-2017-6891
8.8 HIGH
What is CVE-2017-6891?
The vulnerability arises from two errors in the asn1_find_node() function within GnuTLS libtasn1 version 4.10. Attackers can exploit these errors to cause a stack-based buffer overflow by persuading a user to process a specially crafted assignments file through the asn1Coding utility. This could lead to unauthorized access or execution of malicious code, posing serious risks to system integrity and data security.
Affected Version(s)
GnuTLS libtasn1 4.10. Other versions may also be affected.
References
EPSS Score
5% chance of being exploited in the next 30 days.
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
