CVE-2016-4008

Published: May 5, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.

Vendor: n/a

Product: n/a

Versions: n/a (affected)

References

GLSA-201703-05 (vendor-advisory, x_refsource_GENTOO)
FEDORA-2016-048ffb6235 (vendor-advisory, x_refsource_FEDORA)
USN-2957-2 (vendor-advisory, x_refsource_UBUNTU)
FEDORA-2016-383b8250e6 (vendor-advisory, x_refsource_FEDORA)
openSUSE-SU-2016:1567 (vendor-advisory, x_refsource_SUSE)
DSA-3568 (vendor-advisory, x_refsource_DEBIAN)
openSUSE-SU-2016:1674 (vendor-advisory, x_refsource_SUSE)
FEDORA-2016-96bfd9e873 (vendor-advisory, x_refsource_FEDORA)
USN-2957-1 (vendor-advisory, x_refsource_UBUNTU)
