FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libtasn1 -- denial of service parsing malicious DER certificates

Affected packages
libtasn1 < 4.8

Details

VuXML ID: 1b0d2938-0766-11e6-94fa-002590263bf5
Discovery: 2016-04-11
Entry: 2016-04-21

GNU Libtasn1 NEWS reports:

Fixes to avoid an infinite recursion when decoding without the ASN1_DECODE_FLAG_STRICT_DER flag. Reported by Pascal Cuoq.

References

CVE Name: CVE-2016-4008
URL: http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=blob_plain;f=NEWS;hb=e9bcdc86b920d72c9cffc2570d14eea2f6365b37
URL: http://www.openwall.com/lists/oss-security/2016/04/13/3