Intrusion Prevention

GnuTLS.libtasn1.ASN1.DER.Infinite.Loop.DoS

Description

This indicates a Denial of Service attack attempt against a ASN.1 data parsing vulnerability in GnuTLS.
The vulnerability is due to improper processing DER certificates in libtasn1. A remote attacker can exploit this to cause denial of service conditions in affected machines.

Affected Products

Free Software Foundation Libtasn1 prior to 4.8
Free Software Foundation GnuTLS 3.3.22 and prior

Impact

Denial of Service: Remote attackers can exhaust CPU resources on the target system.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://seclists.org/oss-sec/2016/q2/66

CVE References

CVE-2016-4008

Other References

1325965