CVE-2016-4008

Priority
Description
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1
before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows
remote attackers to cause a denial of service (infinite recursion) via a
crafted certificate.
Assigned-to
mdeslaur
Notes
Package
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): released (2.10-1ubuntu1.5)
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Package
Upstream: released (4.8)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): released (3.4-3ubuntu0.4)
Ubuntu 16.04 LTS (Xenial Xerus): released (4.7-3ubuntu0.16.04.1)
Patches:
Upstream: http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=f435825c0f527a8e52e6ffbc3ad0bc60531d537e
Upstream: http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625
More Information

Updated: 2020-07-28 19:57:22 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)