[3.2] libtasn1: infinite loop while parsing DER certificates (CVE-2016-4008)
The libtasn1 library, in its 4.7 version, can loop for a long time or
indefinitely when it is used to parse DER representations of X509
certificates, leading to a denial of service. Some of these loops may in
addition increase heap or stack usage, leading to more issues.
libtasn1 before version 4.8 is vulnerable.
Fixed In Version:
libtasn1 4.8
References:
http://seclists.org/oss-sec/2016/q2/51
(from redmine: issue id 5449, created on 2016-04-20, closed on 2016-05-10)
- Relations:
  - parent #5446 (closed)
- Changesets:
  - Revision 9802b735 on 2016-05-05T10:27:33Z:
    main/libtasn1: security fix (CVE-2016-4008). Fixes #5449
    (cherry picked from commit d58626fa7d19859411c87c0a422906ed9dbb91c9)