Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2018-6003

Published: 22 January 2018

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.

Notes

AuthorNote
leosilva
libtasn1-3 (precise) and libtasn1-6 (trusty) are not affected
since vulnerable code was introduced in 4.3
bionic already has the fix

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
libtasn1-3
Launchpad, Ubuntu, Debian
upstream Needs triage

precise Not vulnerable

trusty Does not exist

xenial Does not exist

artful Does not exist

libtasn1-6
Launchpad, Ubuntu, Debian
upstream
Released (4.13-2)
precise Does not exist

trusty Not vulnerable

xenial
Released (4.7-3ubuntu0.16.04.3)
artful
Released (4.12-2.1ubuntu0.1)