PT-2016-5806 · Gnu+3 · Gnu Libtasn1+3

Pascal Cuoq

Published

2016-04-11

Updated

2024-06-15

CVE-2016-4008

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions GNU Libtasn1 versions prior to 4.8

Description The issue allows remote attackers to cause a denial of service, specifically an infinite recursion, through a crafted certificate. This occurs when the asn1 extract der octet function in lib/decoding.c is used without the ASN1 DECODE FLAG STRICT DER flag.

Recommendations For versions prior to 4.8, update to version 4.8 or later to resolve the issue. As a temporary workaround, consider using the ASN1 DECODE FLAG STRICT DER flag when utilizing the asn1 extract der octet function to minimize the risk of exploitation.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

ALT-PU-2016-1318

CVE-2016-4008

DLA-495-1

DSA-3568-1

MGASA-2016-0170

OPENSUSE-SU-2024:10414-1

SUSE-SU-2016:1600-1

SUSE-SU-2016:1601-1

SUSE-SU-2017:2699-1

SUSE-SU-2017:2700-1

USN-2957-1

USN-2957-2

Affected Products

Alt Linux

Gnu Libtasn1

Suse

Ubuntu

PT-2016-5806 · Gnu+3 · Gnu Libtasn1+3

CVE-2016-4008

Weakness Enumeration

Related Identifiers

Affected Products

References · 49