All errata/sisyphus/ALT-PU-2019-2415-1
ALT-PU-2019-2415-1

Package update libtasn1 in branch sisyphus

Version4.14-alt1
Task#235791
Published2019-08-08
Max severityMEDIUM
Severity:

Closed issues (2)

BDU:2019-02509
MEDIUM5.5

Уязвимость функции _asn1_expand_object_id (p_tree) библиотеки Libtasn1 операционной системы Debian GNU/Linux, связанная с ошибками управления ресурсом, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-07-16Modified: 2026-02-10
CVSS 3.xMEDIUM 5.5
CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.0HIGH 7.1
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C
References
CVE-2018-1000654
MEDIUM5.5

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.

Published: 2018-08-20Modified: 2024-11-21
CVSS 2.0HIGH 7.1
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References