libtasn1 issue [was: [Secunia Research] Libtasn1 Vulnerability Report]

From: Nikos Mavrogiannopoulos
Subject: libtasn1 issue [was: [Secunia Research] Libtasn1 Vulnerability Report]
Date: Fri, 19 May 2017 18:02:12 +0200

I've dug a little further into the previously reported issue, and it
seems there is an issue in asn1_find_node() if someone provides in
calls like asn1_read_value() a name which contains more than 65
characters between two dots.

That however I'd expect to be a very uncommon usage of libtasn1, which
is typically something like:
asn1_read_value(node, "tbsResponseData.responderID.byKey", data, &len);

That is, the name is provided as a constant by the developer, and these
names cannot be more than 64-variables in the '.asn' files parsed by
libtasn1. I do not believe that the library can even cope with
malicious input to that field as can be underlined by the bug.

There will be a release in the following days including that fix,
however, I'd appreciate a second pair of eyes on that issue and fix.

The issue was fixed in:

Two test cases were introduced at:


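A caller-side length check for the dotted names discussed in the message above, as an added example that is not part of the original message and is not libtasn1 code. The helper names and `NAME_COMPONENT_MAX` are hypothetical; the value 64 is the per-component limit quoted in the message, and the long name in `main` is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: per-component limit taken from the message (64 characters). */
#define NAME_COMPONENT_MAX 64

/* Hypothetical helper: scan a dotted element name and report the first
 * component longer than NAME_COMPONENT_MAX. Returns 1 if one is found
 * (filling *offset and *len when non-NULL), 0 if every component fits. */
int find_oversized_component(const char *name, size_t *offset, size_t *len)
{
    const char *start = name;

    for (;;) {
        size_t n = strcspn(start, ".");   /* length up to next dot or end */
        if (n > NAME_COMPONENT_MAX) {
            if (offset) *offset = (size_t)(start - name);
            if (len) *len = n;
            return 1;
        }
        if (start[n] == '\0')
            return 0;                     /* last component checked */
        start += n + 1;                   /* skip past the dot */
    }
}

/* Hypothetical gate to run before passing a non-constant name to calls
 * such as asn1_read_value(). */
int name_is_bounded(const char *name)
{
    return name != NULL && !find_oversized_component(name, NULL, NULL);
}

int main(void)
{
    char bad[128] = "tbsResponseData.";   /* constructed sample input */
    size_t off = 0, len = 0;

    memset(bad + 16, 'A', 65);            /* 65-character component */
    strcpy(bad + 16 + 65, ".byKey");

    printf("constant name ok: %d\n",
           name_is_bounded("tbsResponseData.responderID.byKey"));
    if (find_oversized_component(bad, &off, &len))
        printf("rejected: component at offset %zu is %zu chars\n", off, len);
    return 0;
}
```

The check matters only where the name string is built at run time; constant names like the one in the message pass unchanged.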