[3.4] libtasn1: infinite loop while parsing DER certificates (CVE-2016-4008)
The libtasn1 library, in version 4.7, can loop for a long time or
indefinitely when it is used to parse DER representations of X.509
certificates, leading to a denial of service. Some of these loops may
additionally increase heap or stack usage, leading to further issues.
libtasn1 before version 4.8 is vulnerable.
Fixed In Version:
libtasn1 4.8
References:
http://seclists.org/oss-sec/2016/q2/51
(from redmine: issue id 5447, created on 2016-04-20, closed on 2016-05-10)
- Relations:
- parent #5446 (closed)