CVE-2015-3622 — libtasn1-6 - security update

Description

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

How to fix CVE-2015-3622

To remediate CVE-2015-3622, upgrade the affected package to a fixed version below.

Debian/libtasn1-6—upgrade to 4.4-3 or later
Debian/libtasn1-6—upgrade to 4.2-3+deb8u1 or later

Is CVE-2015-3622 being exploited?

Moderate — EPSS is 6.1%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

from 0, < 4.4-3
from 0, < 4.2-3+deb8u1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2015-3622