Bug 1076832 - (CVE-2018-6003) VUL-0: CVE-2018-6003: libtasn1: Stack exhaustion due to indefinite recursion during BER decoding
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: E-mail List
Security Team bot
https://smash.suse.de/issue/198677/
CVSSv3:RedHat:CVE-2018-6003:7.5:(AV:N...
Reported: 2018-01-19 15:08 UTC by Karol Babioch
Modified: 2018-01-31 23:45 UTC
Description Karol Babioch 2018-01-19 15:08:24 UTC
_asn1_decode_simple_ber: restrict the levels of recursion to 3
On indefinite string decoding, setting a maximum level of recursions
protects the BER decoder from a stack exhaustion due to large amounts
of recursion.
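
An added example, not part of the bug report and not libtasn1's code: a minimal C decoder for indefinite-length constructed OCTET STRINGs that refuses input nested deeper than the cap of 3 named in the commit message. The function names, error codes and the way levels are counted are assumptions for illustration; only short-form definite lengths and the indefinite form are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define MAX_NESTING 3   /* cap named in the commit message; counting is an assumption */
enum { BER_OK = 0, BER_ERR_TRUNCATED = -1, BER_ERR_FORMAT = -2, BER_ERR_NESTING = -3 };

/* Decode one OCTET STRING TLV at in[0..len). Appends the content to out and
 * stores the number of input bytes used in *used. Hypothetical helper: only
 * short-form definite lengths (< 128) and the indefinite form are handled. */
static int decode_octets(const uint8_t *in, size_t len, unsigned depth,
                         uint8_t *out, size_t cap, size_t *olen, size_t *used)
{
    if (len < 2) return BER_ERR_TRUNCATED;
    uint8_t tag = in[0], l = in[1];
    size_t pos = 2;
    if (tag == 0x04) {                        /* primitive: copy the payload */
        if (l & 0x80) return BER_ERR_FORMAT;  /* long form not handled here */
        if (l > len - pos) return BER_ERR_TRUNCATED;
        if (l > cap - *olen) return BER_ERR_FORMAT;
        memcpy(out + *olen, in + pos, l);
        *olen += l;
        *used = pos + l;
        return BER_OK;
    }
    if (tag != 0x24 || l != 0x80) return BER_ERR_FORMAT;
    /* Constructed, indefinite length: every chunk is itself a TLV, so the
     * decoder recurses. Refuse before descending past the cap. */
    if (depth >= MAX_NESTING) return BER_ERR_NESTING;
    for (;;) {
        if (len - pos < 2) return BER_ERR_TRUNCATED;
        if (in[pos] == 0x00 && in[pos + 1] == 0x00) {   /* end-of-contents */
            *used = pos + 2;
            return BER_OK;
        }
        size_t n = 0;
        int rc = decode_octets(in + pos, len - pos, depth + 1, out, cap, olen, &n);
        if (rc != BER_OK) return rc;
        pos += n;
    }
}

/* Decode a whole buffer starting at nesting level 0; returns a BER_* code. */
int ber_decode_octet_string(const uint8_t *in, size_t len,
                            uint8_t *out, size_t cap, size_t *olen)
{
    size_t used = 0;
    *olen = 0;
    return decode_octets(in, len, 0, out, cap, olen, &used);
}
```

Without the `depth >= MAX_NESTING` check, the recursion depth is bounded only by the input length, which is the stack exhaustion condition the commit message describes.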
Comment 1 Karol Babioch 2018-01-19 15:24:02 UTC
The affected function was only added with this commit [1], which was first introduced with version 1.4.3 [2].

Therefore the codestreams "SUSE:SLE-11-SP1:Update" and "SUSE:SLE-12:Update" are _NOT_ affected, whereas "SUSE:SLE-12-SP3:Update" is affected. Upstream fix can be found here [3] and applies cleanly.

[1]: http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/lib/decoding.c?id=b12bfa8932f44d1d1c25b4a2e385387a62dfbcc9
[2]: http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?h=libtasn1_4_3&id=85f9d61c9bf8b6d4c025fb1764c2cfe11cabdfa9
[3]: http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97
Comment 3 Karol Babioch 2018-01-23 07:59:21 UTC
CVE-2018-6003 has been assigned to this.
Comment 5 Swamp Workflow Management 2018-01-30 17:08:44 UTC
SUSE-SU-2018:0295-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1076832
CVE References: CVE-2018-6003
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libtasn1-4.9-3.5.1
SUSE Linux Enterprise Server 12-SP3 (src):    libtasn1-4.9-3.5.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    libtasn1-4.9-3.5.1
SUSE CaaS Platform ALL (src):    libtasn1-4.9-3.5.1
Comment 6 Karol Babioch 2018-01-31 08:07:41 UTC
fixed
Comment 7 Swamp Workflow Management 2018-01-31 23:14:09 UTC
openSUSE-SU-2018:0324-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1076832
CVE References: CVE-2018-6003
Sources used:
openSUSE Leap 42.3 (src):    libtasn1-4.9-3.1