The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
2016-05-05T18:59:10.380
2025-04-12T10:46:40.837
Deferred
CVSSv3.0: 5.9 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:N/A:P
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | canonical | ubuntu_linux | 12.04 | Yes |
| Operating System | canonical | ubuntu_linux | 14.04 | Yes |
| Operating System | canonical | ubuntu_linux | 15.10 | Yes |
| Operating System | canonical | ubuntu_linux | 16.04 | Yes |
| Operating System | opensuse | opensuse | 13.2 | Yes |
| Application | gnu | libtasn1 | ≤ 4.7 | Yes |
| Operating System | fedoraproject | fedora | 22 | Yes |
| Operating System | fedoraproject | fedora | 23 | Yes |
| Operating System | fedoraproject | fedora | 24 | Yes |