GNU Libtasn1 CVE-2018-1000654 Denial of Service Vulnerability

Bugtraq ID:	105151
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2018-1000654
Remote:	Yes
Local:	No
Published:	Aug 12 2018 12:00AM
Updated:	Aug 12 2018 12:00AM
Credit:	Stuartly
Vulnerable:	Redhat Virtualization 4 Redhat Enterprise Linux 7 Redhat Enterprise Linux 6 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 GNU Libtasn1 4.13 GNU Libtasn1 4.12
Not Vulnerable:

GNU Libtasn1 CVE-2018-1000654 Denial of Service Vulnerability

GNU Libtasn1 is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to consume excessive CPU and memory resources, resulting in denial-of-service conditions.

GNU Libtasn1 versions 4.13 and 4.12 are vulnerable.

GNU Libtasn1 CVE-2018-1000654 Denial of Service Vulnerability

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

GNU Libtasn1 CVE-2018-1000654 Denial of Service Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

GNU Libtasn1 CVE-2018-1000654 Denial of Service Vulnerability

References:

• Bug 1621972 - (CVE-2018-1000654) CVE-2018-1000654 libtasn1: Infinite loop in _as (Red Hat Bugzilla)
  
• CVE-2018-1000654 (Red Hat Bugzilla)
  
• Detecting Bug in libtasn1-4.13 by fuzzing. (Libtasn1)
  
• GNU Libtasn1 Home Page (gnu)