CVE Vulnerabilities

CVE-2016-4008

Published: May 05, 2016 | Modified: Nov 07, 2023
CVSS 3.x
5.9
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu
MEDIUM

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.

Affected Software

Name Vendor Start Version End Version
Ubuntu_linux Canonical 12.04 (including) 12.04 (including)
Ubuntu_linux Canonical 14.04 (including) 14.04 (including)
Ubuntu_linux Canonical 15.10 (including) 15.10 (including)
Ubuntu_linux Canonical 16.04 (including) 16.04 (including)
Libtasn1-3 Ubuntu precise *
Libtasn1-3 Ubuntu precise/esm *
Libtasn1-3 Ubuntu upstream *
Libtasn1-6 Ubuntu esm-infra/xenial *
Libtasn1-6 Ubuntu trusty *
Libtasn1-6 Ubuntu trusty/esm *
Libtasn1-6 Ubuntu upstream *
Libtasn1-6 Ubuntu vivid/stable-phone-overlay *
Libtasn1-6 Ubuntu vivid/ubuntu-core *
Libtasn1-6 Ubuntu wily *
Libtasn1-6 Ubuntu xenial *

References