Bug 1535578 – CVE-2018-6003 libtasn1: Stack exhaustion due to indefinite recursion during BER decoding

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1535578 - (CVE-2018-6003) CVE-2018-6003 libtasn1: Stack exhaustion due to indefinite recursion during BER decoding

Summary:	CVE-2018-6003 libtasn1: Stack exhaustion due to indefinite recursion during B...

Status:	NEW

Aliases:	CVE-2018-6003

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20180104,repor...
Keywords:	Security

Depends On:	1535924 1535925 1535926 1539171 1539172
Blocks:	1535580
	Show dependency tree / graph

Reported:	2018-01-17 11:16 EST by Adam Mariš
Modified:	2018-04-03 03:05 EDT (History)
CC List:	19 users (show)

See Also:
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Adam Mariš 2018-01-17 11:16:56 EST

It was found that indefinite string encoding is decoded via recursion in _asn1_decode_simple_ber() which can lead to stack exhaustion when processing specially crafted string.

Reference:

https://lists.gnu.org/archive/html/help-libtasn1/2018-01/msg00000.html

Comment 1 Adam Mariš 2018-01-17 11:22:22 EST

Upstream patch:

https://gitlab.com/gnutls/libtasn1/commit/c593ae84cfcde8fea45787e53950e0ac71e9ca97

Comment 2 Huzaifa S. Sidhpurwala 2018-01-18 04:35:16 EST

Created libtasn1 tracking bugs for this issue:

Affects: fedora-all [bug 1535926]


Created mingw-libtasn1 tracking bugs for this issue:

Affects: fedora-all [bug 1535925]

Comment 6 Kurt Seifried 2018-01-26 15:18:51 EST

Statement:

This issue affects the versions of libtasn1 as shipped with Red Hat Satellite version 6. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Note You need to log in before you can comment on or make changes to this bug.