CVE-2016-4008
Description
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
5.049
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Library to manage ASN.1 structures (USN-2957-1) libtasn1-3_2.10-1ubuntu1.5_i386.deb | Linux |
| Library to manage ASN.1 structures (USN-2957-1) libtasn1-3_2.10-1ubuntu1.5_amd64.deb | Linux |
| Library to manage ASN.1 structures (USN-2957-1) libtasn1-6_3.4-3ubuntu0.4_i386.deb | Linux |
| Library to manage ASN.1 structures (USN-2957-1) libtasn1-6_3.4-3ubuntu0.4_amd64.deb | Linux |
| Library to manage ASN.1 structures (USN-2957-1) libtasn1-6_4.5-2ubuntu0.1_i386.deb | Linux |
| Library to manage ASN.1 structures (USN-2957-1) libtasn1-6_4.5-2ubuntu0.1_amd64.deb | Linux |
| Library to manage ASN.1 structures (USN-2957-2) libtasn1-6_4.7-3ubuntu0.16.04.1_i386.deb | Linux |
| Library to manage ASN.1 structures (USN-2957-2) libtasn1-6_4.7-3ubuntu0.16.04.1_amd64.deb | Linux |
| SUSE-SU-2016:1600-1(SUSE Linux Enterprise Server 11-SP4 ) libtasn1-1.5-1.34.1.x86_64.rpm | Linux |
| SUSE-SU-2016:1600-1(SUSE Linux Enterprise Server 11-SP4 ) libtasn1-3-1.5-1.34.1.x86_64.rpm | Linux |
| SUSE-SU-2016:1600-1(SUSE Linux Enterprise Server 11-SP4 ) libtasn1-3-32bit-1.5-1.34.1.x86_64.rpm | Linux |
| SUSE-SU-2016:1601-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtasn1-3.7-11.1.x86_64.rpm | Linux |
| SUSE-SU-2016:1601-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtasn1-6-3.7-11.1.x86_64.rpm | Linux |
| SUSE-SU-2016:1601-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtasn1-6-32bit-3.7-11.1.x86_64.rpm | Linux |
| SUSE-SU-2016:1601-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtasn1-6-debuginfo-3.7-11.1.x86_64.rpm | Linux |
| SUSE-SU-2016:1601-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtasn1-6-debuginfo-32bit-3.7-11.1.x86_64.rpm | Linux |
| SUSE-SU-2016:1601-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtasn1-debuginfo-3.7-11.1.x86_64.rpm | Linux |
| SUSE-SU-2016:1601-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtasn1-debugsource-3.7-11.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234