CVE-2017-10790
Debian Security Advisory 4106-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.
La función _asn1_check_identifier en GNU Libtasn1 hasta la versión 4.12 provoca una desreferencia de puntero NULL y un cierre inesperado cuando se leen entradas manipuladas que desencadenan la asignación de un valor NULL en una estructura asn1_node. Esto puede dar lugar a un ataque remoto de denegación de servicio (DoS).
It was discovered that Libtasn1 incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that Libtasn1 incorrectly handled certain inputs. An attacker could possibly use this to cause Libtasn1 to hang, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-07-01 CVE Reserved
- 2017-07-02 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (7)
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1464141 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201710-11 | 2023-11-07 | |
| https://usn.ubuntu.com/3547-1 | 2023-11-07 | |
| https://www.debian.org/security/2018/dsa-4106 | 2023-11-07 |