Stack overflow in libtasn1

Posted by Hanno Böck on Mar 30


libtasn1 is a library to parse ASN.1 data structures. Its most
prominent user is GnuTLS.

Fuzzing libtasn1 led to the discovery of a stack write overflow in the
function _asn1_ltostr (file parser_aux.c). It overflows a temporary
buffer variable on certain inputs. This issue has been reported to the
developers on 2015-03-26. A fix was released on 2015-03-29.


Leave a Reply