[3.1] libtasn1: infinite loop while parsing DER certificates (CVE-2016-4008)
Version 4.7 of the libtasn1 library can loop for a long time or
indefinitely when it is used to parse DER representations of X509
certificates, leading to a denial of service. Some of these loops may
in addition increase heap or stack usage, leading to more issues.
libtasn1 before version 4.8 is vulnerable.
Fixed In Version:
libtasn1 4.8
References:
http://seclists.org/oss-sec/2016/q2/51
(from redmine: issue id 5450, created on 2016-04-20, closed on 2016-05-10)
- Relations:
  - parent #5446 (closed)
- Changesets:
  - Revision c163d035 on 2016-05-05T10:29:48Z:
    main/libtasn1: security fix (CVE-2016-4008). Fixes #5450
    (cherry picked from commit 9802b7359f81e3b3aa657308501b7cdddbcfaf87)