CVE-2016-4008

The asn1extractderoctet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1DECODEFLAGSTRICTDER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.

References

Affected packages

Git / gitlab.com/gnutls/libtasn1

Affected ranges

Type: GIT
Repo: https://gitlab.com/gnutls/libtasn1
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1e3d04bce839540c6a3f8f14c8521d8390042f23

Affected versions

Other

gnutls_0_5_0

gnutls_0_5_1

libasn1_0_1_0

libtasn1-0-3-2

libtasn1_0_1_2

libtasn1_0_2_0

libtasn1_0_2_1

libtasn1_0_2_10

libtasn1_0_2_11

libtasn1_0_2_12

libtasn1_0_2_13

libtasn1_0_2_14

libtasn1_0_2_15

libtasn1_0_2_16

libtasn1_0_2_17

libtasn1_0_2_18

libtasn1_0_2_2

libtasn1_0_2_3

libtasn1_0_2_4

libtasn1_0_2_5

libtasn1_0_2_6

libtasn1_0_2_7

libtasn1_0_2_8

libtasn1_0_2_9

libtasn1_0_3_0

libtasn1_0_3_1

libtasn1_0_3_10

libtasn1_0_3_2

libtasn1_0_3_3

libtasn1_0_3_4

libtasn1_0_3_5

libtasn1_0_3_6

libtasn1_0_3_7

libtasn1_0_3_8

libtasn1_0_3_9

libtasn1_1_0

libtasn1_1_1

libtasn1_1_2

libtasn1_1_3

libtasn1_1_4

libtasn1_1_5

libtasn1_1_6

libtasn1_2_0

libtasn1_2_1

libtasn1_2_10

libtasn1_2_11

libtasn1_2_12

libtasn1_2_13

libtasn1_2_2

libtasn1_2_3

libtasn1_2_4

libtasn1_2_5

libtasn1_2_6

libtasn1_2_7

libtasn1_2_8

libtasn1_2_9

libtasn1_3_0

libtasn1_3_1

libtasn1_3_2

libtasn1_3_3

libtasn1_3_4

libtasn1_3_5

libtasn1_3_6

libtasn1_4_0

libtasn1_4_1

libtasn1_4_2

libtasn1_4_3

libtasn1_4_4

libtasn1_4_5

libtasn1_4_6

libtasn1_after_rename

libtasn1_4.*

libtasn1_4.7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4008.json"