Stack overflow in libtasn1

Posted by Hanno Böck on Mar 30

From
https://blog.fuzzing-project.org/6-Stack-overflow-in-libtasn1-TFPA-0022015.html

libtasn1 is a library to parse ASN.1 data structures. Its most
prominent user is GnuTLS.

Fuzzing libtasn1 led to the discovery of a stack write overflow in the
function _asn1_ltostr (file parser_aux.c). It overflows a temporary
buffer variable on certain inputs. This issue has been reported to the
developers on 2015-03-26. A fix was released on 2015-03-29.

The…

Leave a Reply