libtasn1: infinite loop while parsing DER certificates (CVE-2016-4008)
The libtasn1 library, version 4.7, can loop for a long time or
indefinitely when it is used to parse DER representations of X.509
certificates, leading to a denial of service. Some of these loops may
also increase heap or stack usage, leading to further issues.
libtasn1 before version 4.8 is vulnerable.
Fixed In Version:
libtasn1 4.8
References:
http://seclists.org/oss-sec/2016/q2/51
(from redmine: issue id 5446, created on 2016-04-20, closed on 2016-05-10)
- Relations:
  - child #5447 (closed)
  - child #5448 (closed)
  - child #5449 (closed)
  - child #5450 (closed)
  - child #5451 (closed)