Bug 27710 - perl-Convert-ASN1 new security issue CVE-2013-7488
Summary: perl-Convert-ASN1 new security issue CVE-2013-7488
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Keywords: feedback
Depends on:
Reported: 2020-12-02 17:31 CET by David Walser
Modified: 2020-12-30 19:02 CET

See Also:
Source RPM: perl-Convert-ASN1-0.270.0-7.mga8.src.rpm
Status comment:


Description David Walser 2020-12-02 17:31:39 CET
Fedora has issued an advisory today (December 2):

Mageia 7 is also affected.
David Walser 2020-12-02 17:31:49 CET

Whiteboard: (none) => MGA7TOO

Comment 1 Aurelien Oudelet 2020-12-02 18:09:45 CET
Hi, thanks for reporting this bug.
Assigned to the package maintainer.

(Please set the status to 'assigned' if you are working on it)

Assignee: bugsquad => shlomif
CC: (none) => ouaurelien

Comment 2 Nicolas Lécureuil 2020-12-27 12:35:31 CET
fixed in cauldron.

Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)
CC: (none) => mageia

Comment 3 Nicolas Lécureuil 2020-12-27 13:08:17 CET
pushed in mga7


Assignee: shlomif => qa-bugs

Comment 4 David Walser 2020-12-27 17:12:47 CET

Updated perl-Convert-ASN1 package fixes security vulnerability:

perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows
remote attackers to cause an infinite loop via unexpected input


Updated packages in core/updates_testing:

from perl-Convert-ASN1-0.270.0-6.1.mga7.src.rpm
Comment 5 Len Lawrence 2020-12-30 18:26:42 CET
mga7, x64

Installed the module.

$ cat 27710.pl
use Convert::ASN1;
my $asn = Convert::ASN1->new;
    int INTEGER
my $out;
$out = $asn->decode( pack("H*", "dfccd3fde3") );
$out = $asn->decode( pack("H*", "b0805f92cb") );

Running this script causes an endless stream of messages.
$ perl 27710.pl
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/vendor_perl/Convert/ASN1/_decode.pm line 692.
substr outside of string at /usr/share/perl5/vendor_perl/Convert/ASN1/_decode.pm line 692.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/vendor_perl/Convert/ASN1/_decode.pm line 692.
substr outside of string at /usr/share/perl5/vendor_perl/Convert^C

Updated the package.
Ran the PoC again.
This still caused an endless loop so the problem has not been fixed.
$ rpm -q perl-Convert-ASN1

CC: (none) => tarazed25
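
The before/after check from comment 5 can be repeated without the endless warning stream by running the PoC under a deadline. This is an added example, not part of the bug report or the package; `run_with_deadline` is a hypothetical helper name and the code assumes GNU coreutils `timeout` is installed.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the bug report).
# run_with_deadline SECONDS CMD [ARGS...]
# Prints one word: "ok", "hang" or "error:<status>".
# The command's own output is discarded so a decoder stuck in a loop
# cannot flood the terminal or fill a log file with warnings.
run_with_deadline() {
    deadline=$1
    shift
    status=0
    # -k 2: follow up with SIGKILL if SIGTERM is ignored for 2 seconds.
    # "|| status=$?" keeps the function usable under "set -e".
    timeout -k 2 "$deadline" "$@" >/dev/null 2>&1 || status=$?
    case $status in
        0)       echo ok ;;              # finished before the deadline
        124|137) echo hang ;;            # timed out (124) or was killed (137)
        *)       echo "error:$status" ;; # exited on its own with a failure
    esac
}

# Stand-alone use, run once before and once after updating the package:
#   sh check.sh perl 27710.pl
# "check.sh" is an assumed file name for this script.
if [ "$#" -gt 0 ]; then
    run_with_deadline 10 "$@"
fi
```

A result of `hang` after the update matches what comment 5 reports; `ok` would mean both decode calls returned within the deadline.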

Comment 6 Len Lawrence 2020-12-30 19:01:17 CET
With reference to comment 5.
Used madb to find the x86_64 unified diffs on the source package but don't know how to read it apart from seeing that a patch was applied.
Len Lawrence 2020-12-30 19:02:33 CET

Keywords: (none) => feedback
