[3.10] libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion (CVE-2018-1000654)
The ASN.1 library used in GNUTLS (libtasn1) through versions 4.13 allows
for an infinite loop due to an issue in the
_asn1_expand_object_id(p_tree) function.
An attacker could exploit this via a crafted ASN.1 structure to causing
high CPU usage until a resultant out-of-memory error.
References:
https://gitlab.com/gnutls/libtasn1/issues/4
https://nvd.nist.gov/vuln/detail/CVE-2018-1000654
(from redmine: issue id 10518, created on 2019-05-31)
- Relations:
- parent #10517 (closed)