Severity
5.5 MEDIUM
EPSS
0.1%
top 68.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 20
Latest update: May 13

Description

GNU Libtasn1 versions 4.13 and 4.12 contain a DoS: CPU usage reaches 100% when running asn1Parser against the POC, due to an issue in _asn1_expand_object_id(p_tree); after a long time, the program is killed. This attack appears to be exploitable via parsing a crafted file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 2 packages

Debian libtasn1-6 < 4.14-2+3
NVD gnu/libtasn1 4.12, 4.13+1

🔴 Vulnerability Details

3
GHSA
GHSA-g69v-w5wh-rhwv: GNU Libtasn1-4 (2022-05-13)
OSV
CVE-2018-1000654: GNU Libtasn1-4 (2018-08-20)
CVEList
CVE-2018-1000654: GNU Libtasn1-4 (2018-08-20)

📋 Vendor Advisories

3
Ubuntu
Libtasn1 vulnerability (2022-03-28)
Red Hat
libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion (2018-08-12)
Debian
CVE-2018-1000654: libtasn1-6 - GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a ... (2018)

💬 Community

4
Bugzilla
CVE-2018-1000654 mingw-libtasn1: libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion [epel-7] (2018-08-24)
Bugzilla
CVE-2018-1000654 libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion [fedora-all] (2018-08-24)
Bugzilla
CVE-2018-1000654 libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion (2018-08-24)
Bugzilla
CVE-2018-1000654 mingw-libtasn1: libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion [fedora-all] (2018-08-24)