Trend Micro Security

GnuTLS Libtasn1 ASN.1 DER Infinite Loop Denial Of Service Vulnerability (CVE-2016-4008)

  危険度: : 緊急

  概要

A denial-of-service vulnerability exists in libtasn1, a component of GnuTLS. The vulnerability is due to a flaw in parsing ASN.1 data that causes libtasn1 to enter an infinite loop when processing a specially crafted DER-encoded input. A remote attacker can exploit this vulnerability in GnuTLS by sending a crafted ASN.1 certificate to a target application. Successful exploitation may result in a denial-of-service condition.

  トレンドマイクロの対策

Apply associated Trend Micro DPI Rules.

  対応方法

  Trend Micro Deep Security DPI Rule Number: 1008088