Message-Id: <20150430180752.E03F342E117@smtpvbsrv1.mitre.org>
Date: Thu, 30 Apr 2015 14:07:52 -0400 (EDT)
From: cve-assign@...re.org
To: hanno@...eck.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Heap overflow / invalid read in Libtasn1 before 4.5 (TFPA 005/2015)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> https://blog.fuzzing-project.org/9-Heap-overflow-invalid-read-in-Libtasn1-TFPA-0052015.html
> 
> heap overflow happens in the function _asn1_extract_der_octet

> http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=f979435823a02f842c41d49cd41cc81f25b5d677

> prevent past of boundary access

> https://lists.gnu.org/archive/html/help-libtasn1/2015-04/msg00000.html

> Corrected an invalid memory access in octet string decoding

Use CVE-2015-3622 for this over-read issue.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

-----END PGP SIGNATURE-----
