CVE-2018-1000654 Information

Feb 14, 2021 cve

Description

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13 libtasn1-4.12 contains a DoS specifically CPU usage will reach 100 when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree) after a long time the program will be killed. This attack appears to be exploitable via parsing a crafted file.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Reference

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html http://www.securityfocus.com/bid/105151 https://gitlab.com/gnutls/libtasn1/issues/4

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.5

Share on: