Package : libtasn1-3
Version : 2.13-2+deb7u3
CVE ID : CVE-2016-4008
- CVE-2016-4008: infinite loop while parsing DER certificates
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1
before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag,
allows remote attackers to cause a denial of service
(infinite recursion) via a crafted certificate.
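
As an added example (not code from libtasn1 or from this advisory), the following Python check rejects input that breaks three DER rules before it reaches a decoder: indefinite lengths, non-minimal length encodings and constructed string types. Each nesting level consumes input and the depth is capped, so the walk always terminates. The names, the MAX_DEPTH value and the sample bytes are assumptions made for the illustration; it does not reproduce what ASN1_DECODE_FLAG_STRICT_DER does internally.

```python
# Added example: structural strict-DER pre-check, independent of libtasn1.
MAX_DEPTH = 32  # assumed nesting bound, chosen for this illustration
# Universal string-like types that DER requires in primitive form.
STRING_TAGS = {3, 4, 12, 30} | set(range(18, 29))

class NotStrictDER(ValueError):
    """Raised when the input violates one of the rules checked here."""

def read_header(buf, pos, end):
    """Parse one tag/length header; return (tag, content_start, content_end)."""
    if pos + 2 > end:
        raise NotStrictDER("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if tag & 0x1F == 0x1F:
        raise NotStrictDER("multi-byte tag not handled by this check")
    if first == 0x80:
        raise NotStrictDER("indefinite length is BER, not DER")
    length = first  # short form unless the high bit is set
    if first > 0x80:
        n = first & 0x7F
        if pos + n > end:
            raise NotStrictDER("truncated long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if buf[pos] == 0 or length < 0x80:
            raise NotStrictDER("non-minimal length")
        pos += n
    if pos + length > end:
        raise NotStrictDER("content overruns its container")
    return tag, pos, pos + length

def check_strict_der(buf, pos=0, end=None, depth=0):
    """Walk every TLV in buf[pos:end]; return the element count or raise."""
    end = len(buf) if end is None else end
    if depth > MAX_DEPTH:
        raise NotStrictDER("nesting deeper than MAX_DEPTH")
    count = 0
    while pos < end:
        tag, start, stop = read_header(buf, pos, end)
        count += 1
        if tag & 0x20:  # constructed: descend, but never for string types
            if tag & 0xC0 == 0 and tag & 0x1F in STRING_TAGS:
                raise NotStrictDER("constructed string encoding")
            count += check_strict_der(buf, start, stop, depth + 1)
        pos = stop  # always advances by at least the 2 header bytes
    return count

# Constructed sample inputs (not taken from any real certificate).
GOOD = bytes.fromhex("300404026162")            # SEQUENCE { OCTET STRING "ab" }
INDEFINITE = bytes.fromhex("2480040261620000")  # indefinite-length OCTET STRING
```

A pre-check like this only narrows what an unpatched decoder is asked to parse; the fix for CVE-2016-4008 is the package upgrade.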
For Debian 7 "Wheezy", these problems have been fixed in version
We recommend that you upgrade your libtasn1-3 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS