suse · CVE-2017-6891

Quick triage

Priority: medium Published: 2021-05-30 13:53:54 UTC Updated: 2026-04-18 09:10:23 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-6891 severity moderate: SUSE including 40 source package names (24.4:libtasn1-4.9-3.10.1, 24.4:libtasn1-6-4.9-3.10.1, …), 244 product×package rows across 66 product lines (Container caasp/v4/nginx-ingress-controller, Container suse/ltss/sle12.5/sles12sp5, … (66 product lines)): Known Not Affected 129, Fixed 115.

Description:

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.

cvelogic Threat Intelligence