Learn about CVE-2017-10790 affecting GNU Libtasn1. This vulnerability can lead to a remote denial of service attack due to a NULL pointer dereference. Find mitigation steps here.
CVE-2017-10790 was published on July 2, 2017, and affects GNU Libtasn1 up to version 4.12. The vulnerability in the _asn1_check_identifier function can lead to a remote denial of service attack through a NULL pointer dereference.
Understanding CVE-2017-10790
This CVE entry highlights a vulnerability in GNU Libtasn1 that can result in crashing and a NULL pointer dereference when processing manipulated input.
What is CVE-2017-10790?
The _asn1_check_identifier function in GNU Libtasn1 up to version 4.12 can crash and cause a NULL pointer dereference due to manipulated input, potentially leading to a remote denial of service attack.
The Impact of CVE-2017-10790
This vulnerability has the potential to be exploited for a remote denial of service attack, impacting the availability of systems utilizing affected versions of GNU Libtasn1.
Technical Details of CVE-2017-10790
This section delves into the technical aspects of the CVE.
Vulnerability Description
The _asn1_check_identifier function in GNU Libtasn1 through version 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure.
Affected Systems and Versions
Exploitation Mechanism
The vulnerability is triggered by processing manipulated input that results in assigning a NULL value to an element within the asn1_node structure, leading to a crash and potential denial of service.
Mitigation and Prevention
Protecting systems from CVE-2017-10790 requires immediate actions and long-term security practices.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates