The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in
libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial
of service (segmentation fault) via a crafted .asn1 file.
Created asn1c tracking bugs for this issue:
Affects: fedora-all [bug 1484824]
This has got to be one of the worst upstream bug reports I've ever seen.
- There's no traceback or indication of what actually went wrong, just "access violation" and the function.
- There's no reproducer; in the middle, the reporter shows a different file. It is not clear why this file is shown.
- The reporter has clearly made a custom build (probably for fuzzing), but couldn't be bothered to build it unoptimized.
- asn1c is expressly not intended to be public facing; no compiler is hardened in this manner.
Given the above, I'm kind of shocked that this was issued a CVE, and I doubt anyone will be "fixing" it soon.
(Sorry, applied status change to the wrong bug instead of the Fedora one.)
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.