GnuTLS.libtasn1.ASN1.DER.Infinite.Loop.DoS

description-logoDescription

This indicates a Denial of Service attack attempt against a ASN.1 data parsing vulnerability in GnuTLS.
The vulnerability is due to improper processing DER certificates in libtasn1. A remote attacker can exploit this to cause denial of service conditions in affected machines.

affected-products-logoAffected Products

Free Software Foundation Libtasn1 prior to 4.8
Free Software Foundation GnuTLS 3.3.22 and prior

Impact logoImpact

Denial of Service: Remote attackers can exhaust CPU resources on the target system.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
http://seclists.org/oss-sec/2016/q2/66

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

1325965