CVE-2016-4008
Published 2016-05-05
CVE-2016-4008: The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote…
Priority P336 | medium | 5.9 | CVSS 3.0
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 29.57% (98.0th percentile)
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | libtasn1-6 | < libtasn1-6 4.8-1 (bookworm) | libtasn1-6 4.8-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| gnu | libtasn1 | <= 4.7 | — |
| opensuse | opensuse | — | — |
CVSS provenance
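| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 5.9 | MEDIUM | — |
| vendor_debian | — | 5.9 | MEDIUM | — |
| vendor_redhat | — | 5.9 | MEDIUM | — |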
Ubuntu
Libtasn1 vulnerability
vendor_ubuntu·2016-05-02
CVE-2016-4008 Libtasn1 vulnerability
Title: Libtasn1 vulnerability
Summary: Libtasn1 could be made to hang if it processed specially crafted data.
Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled
certain malformed DER certificates. A remote attacker could possibly use
this issue to cause applications using Libtasn1 to hang, resulting in a
denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Libtasn1 vulnerability
vendor_ubuntu·2016-05-02
CVE-2016-4008 Libtasn1 vulnerability
Title: Libtasn1 vulnerability
Summary: Libtasn1 could be made to hang if it processed specially crafted data.
USN-2957-1 fixed a vulnerability in Libtasn1. This update provides the
corresponding update for Ubuntu 16.04 LTS.
Original advisory details:
Pascal Cuoq and Miod Vallat discovered that Libtasn1 incorrectly handled
certain malformed DER certificates. A remote attacker could possibly use
this issue to cause applications using Libtasn1 to hang, resulting in a
denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libtasn1: infinite loop while parsing DER certificates
vendor_redhat·2016-04-11·CVSS 5.9
CVE-2016-4008 [MEDIUM] CWE-835 libtasn1: infinite loop while parsing DER certificates
libtasn1: infinite loop while parsing DER certificates
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
Package: gnutls (Red Hat Enterprise Linux 5) - Will not fix
Package: libtasn1 (Red Hat Enterprise Linux 6) - Will not fix
Package: libtasn1 (Red Hat Enterprise Linux 7) - Will not fix
Package: mingw-virt-viewer (Red Hat Enterprise Virtualization 3) - Will not fix
Debian
CVE-2016-4008: libtasn1-6 - The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4....
vendor_debian·2016·CVSS 5.9
CVE-2016-4008 [MEDIUM] CVE-2016-4008: libtasn1-6 - The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4....
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
Scope: local
bookworm: resolved (fixed in 4.8-1)
bullseye: resolved (fixed in 4.8-1)
forky: resolved (fixed in 4.8-1)
sid: resolved (fixed in 4.8-1)
trixie: resolved (fixed in 4.8-1)
GHSA
GHSA-mr9j-58fj-gv7c: The _asn1_extract_der_octet function in lib/decoding
ghsa_unreviewed·2022-05-14
CVE-2016-4008 [MEDIUM] GHSA-mr9j-58fj-gv7c: The _asn1_extract_der_octet function in lib/decoding
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
OSV
CVE-2016-4008: The _asn1_extract_der_octet function in lib/decoding
osv·2016-05-05·CVSS 5.9
CVE-2016-4008 [MEDIUM] CVE-2016-4008: The _asn1_extract_der_octet function in lib/decoding
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-4008 libtasn1: infinite loop while parsing DER certificates [fedora-all]
bugzilla·2016-04-11·CVSS 5.9
CVE-2016-4008 [MEDIUM] CVE-2016-4008 libtasn1: infinite loop while parsing DER certificates [fedora-all]
CVE-2016-4008 libtasn1: infinite loop while parsing DER certificates [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions
Bugzilla
CVE-2016-4008 mingw-libtasn1: libtasn1: infinite loop while parsing DER certificates [fedora-all]
bugzilla·2016-04-11·CVSS 5.9
CVE-2016-4008 [MEDIUM] CVE-2016-4008 mingw-libtasn1: libtasn1: infinite loop while parsing DER certificates [fedora-all]
CVE-2016-4008 mingw-libtasn1: libtasn1: infinite loop while parsing DER certificates [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
Bugzilla
CVE-2016-4008 mingw-libtasn1: libtasn1: infinite loop while parsing DER certificates [epel-7]
bugzilla·2016-04-11·CVSS 5.9
CVE-2016-4008 [MEDIUM] CVE-2016-4008 mingw-libtasn1: libtasn1: infinite loop while parsing DER certificates [epel-7]
CVE-2016-4008 mingw-libtasn1: libtasn1: infinite loop while parsing DER certificates [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
Bugzilla
CVE-2016-4008 libtasn1: infinite loop while parsing DER certificates
bugzilla·2016-04-11·CVSS 5.9
CVE-2016-4008 [MEDIUM] CVE-2016-4008 libtasn1: infinite loop while parsing DER certificates
CVE-2016-4008 libtasn1: infinite loop while parsing DER certificates
The libtasn1 library, in its 4.7 version, can loop for a long time or indefinitely when it is used to parse DER representations of X509 certificates, leading to a denial of service. Some of these loops may in addition increase heap or stack usage, leading to more issues.
References (with reproducer):
http://seclists.org/oss-sec/2016/q2/51
Discussion:
Created libtasn1 tracking bugs for this issue:
Affects: fedora-all [bug 1325968]
---
Created mingw-libtasn1 tracking bugs for this issue:
Affects: fedora-all [bug 1325969]
Affects: epel-7 [bug 1325970]
---
CVE assignment:
http://seclists.org/oss-sec/2016/q2/66
---
libtasn1-4.8-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist,
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=f435825c0f527a8e52e6ffbc3ad0bc60531d537e
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html
http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html
http://lists.opensuse.org/opensuse-updates/2016-06/msg00097.html
http://www.debian.org/security/2016/dsa-3568
http://www.openwall.com/lists/oss-security/2016/04/11/3
http://www.ubuntu.com/usn/USN-2957-1
http://www.ubuntu.com/usn/USN-2957-2
https://lists.gnu.org/archive/html/help-libtasn1/2016-04/msg00009.html
https://security.gentoo.org/glsa/201703-05
Published: 2016-05-05