Your submission was sent successfully! Close

CVE-2018-1000654

Published: 20 August 2018

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.

Priority

Negligible

CVSS 3 base score: 5.5

Status

Package Release Status
libtasn1-3
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

precise Ignored
(end of ESM support, was deferred [2018-10-09])
trusty Does not exist

upstream Needs triage

xenial Does not exist

libtasn1-6
Launchpad, Ubuntu, Debian
bionic Needs triage

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Not vulnerable
(4.16.0-2)
groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Not vulnerable
(4.16.0-2)
jammy Not vulnerable
(4.18.0-4)
precise Does not exist

trusty Needs triage

upstream
Released (4.14)
xenial
Released (4.7-3ubuntu0.16.04.3+esm2)

Notes

AuthorNote
mdeslaur
only an issue during at build time, not at runtime. As such,
marking as negigible
leosilva
no upstream fix as of 2018-10-09
rodrigo-zaiden
upstream released a fix on 2019-07.

References

Bugs