CVE-2016-4008 in Libtasn1info

Summary

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.

Be aware that VulDB is the high quality source for vulnerability data.

ID	Vulnerability	CWE	Exp	Cou	CVE
83742	GNU Libtasn1 decoding.c _asn1_extract_der_octet resource management	399	Not defined	Official fix	CVE-2016-4008

Reservation

04/13/2016

Disclosure

05/05/2016

Status

Confirmed

Entries

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-4008
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-4008
CVE Details	https://www.cvedetails.com/cve/CVE-2016-4008/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!