Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201604-9 ======================================== Severity: Medium Date : 2016-04-17 CVE-ID : CVE-2016-4008 Package : libtasn1 Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package libtasn1 before version 4.8-1 is vulnerable to denial of service. Resolution ========= Upgrade to 4.8-1. # pacman -Syu "libtasn1>=4.8-1" The problem has been fixed upstream in version 4.8. Workaround ========= None. Description ========== The libtasn1 library, in its 4.7 version, can loop for a long time or indefinitely when it is used to parse DER representations of X.509 certificates, leading to a denial of service. Some of these loops may in addition increase heap or stack usage, leading to more issues. Impact ===== A remote attacker can cause an application using a vulnerable version of libtasn1 to loop indefinitely by sending a crafted X.509 certificate, causing a denial of service. References ========= https://access.redhat.com/security/cve/CVE-2016-4008 https://bugzilla.redhat.com/show_bug.cgi?id=1325965