Описание
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.
Отчет
This vulnerability is rated as low severity because it causes a denial of service by exhausting CPU resources, it impacts availability, it does not compromise system security or integrity. This flaw is in the asn1Parser binary included in libtasn1-tools RPM. The dynamic library libtasn1 and libtasn1-devel RPMs are not affected.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libtasn1 | Will not fix | ||
| Red Hat Enterprise Linux 7 | libtasn1 | Will not fix | ||
| Red Hat Enterprise Linux 8 | libtasn1 | Will not fix | ||
| Red Hat Enterprise Linux 8 | mingw-libtasn1 | Fix deferred | ||
| Red Hat Satellite 6 | libtasn1 | Will not fix | ||
| Red Hat Virtualization 4 | libtasn1 | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
4 Medium
CVSS3
Связанные уязвимости
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 c ...
EPSS
4 Medium
CVSS3