Heap overflow / invalid read in Libtasn1 before 4.5 (TFPA 005/2015)

Posted by Hanno Böck on Apr 30

https://blog.fuzzing-project.org/9-Heap-overflow-invalid-read-in-Libtasn1-TFPA-0052015.html

While fuzzing GnuTLS I discovered a malformed certificate input sample
that would cause a heap overflow read of 99 bytes in the DER decoding
functions of Libtasn1. The heap overflow happens in the function
_asn1_extract_der_octet().

This issue was reported to the Libtasn1 developer on 16th April. A fix
was committed on 20th April and is part of the…

Leave a Reply