[3.4] libtasn1: infinite loop while parsing DER certificates (CVE-2016-4008)ID: oval:org.secpod.oval:def:1800695 | Date: (C)2018-03-28 (M)2023-12-20 |
Class: PATCH | Family: unix |
The libtasn1 library, in its 4.7 version, can loop for a long time or indefinitely when it is used to parse DER representations of X509 certificates, leading to a denial of service. Some of these loops may in addition increase heap or stack usage, leading to more issues. libtasn1 before version 4.8 is vulnerable. Fixed In Version: libtasn1 4.8
Platform: |
Alpine Linux 3.4 |