vulnerability

FreeBSD: libtasn1 -- denial of service parsing malicious DER certificates (CVE-2016-4008)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:N/A:P)	Apr 11, 2016	Apr 21, 2016	Oct 30, 2017

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:P)

Published

Apr 11, 2016

Added

Apr 21, 2016

Modified

Oct 30, 2017

Description

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.

Solution

freebsd-upgrade-package-libtasn1

References

CVE-2016-4008
https://attackerkb.com/topics/CVE-2016-4008
URL-http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=blob_plain;f=NEWS;hb=e9bcdc86b920d72c9cffc2570d14eea2f6365b37
URL-http://www.openwall.com/lists/oss-security/2016/04/13/3

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today