[arch-security] [ASA-201505-5] libtasn1: arbitrary code execution
Levente Polyak
anthraxx at archlinux.org
Fri May 8 14:20:22 UTC 2015
Arch Linux Security Advisory ASA-201505-5
=========================================
Severity: Critical
Date : 2015-05-08
CVE-ID : CVE-2015-3622
Package : libtasn1
Type : arbitrary code execution
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
Summary
=======
The package libtasn1 before version 4.5-1 is vulnerable to arbitrary
code execution.
Resolution
==========
Upgrade to 4.5-1.
# pacman -Syu "libtasn1>=4.5-1"
The problem has been fixed upstream in version 4.5.
Workaround
==========
None.
Description
===========
A heap-based buffer overflow flaw was found in the way the libtasn1
library decoded certain DER-encoded input. A specially crafted,
DER-encoded input could cause an application using libtasn1 to perform
an invalid read, causing the application to crash or, possibly, execute
arbitrary code.
The heap overflow happens in the function _asn1_extract_der_octet() that
is called during decoding of DER-encoded input.
Impact
======
A remote attacker is able to use a specially crafted certificate that is
leading to arbitrary code execution during decoding.
References
==========
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=f979435
https://access.redhat.com/security/cve/CVE-2015-3622
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20150508/80a6bdd0/attachment.asc>
More information about the arch-security
mailing list