Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
635
VMScore

CVE-2018-1000654

Published: 20/08/2018 Updated: 07/11/2023
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 635
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Subscribe to Gnu

Vulnerability Summary

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnu libtasn1 4.12

gnu libtasn1 4.13

Vendor Advisories

Debian CVElist Bug Report Logs: libtasn-1: CVE-2018-1000654
Debian Bug report logs - #906768 libtasn-1: CVE-2018-1000654 Package: src:libtasn1-6; Maintainer for src:libtasn1-6 is Debian GnuTLS Maintainers <pkg-gnutls-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 20 Aug 2018 20:21:02 UTC Severity: important Tags: security, ups ...
Red Hat: CVE-2018-1000654
GNU Libtasn1-413 libtasn1-413 version libtasn1-413, libtasn1-412 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed This attack appears to be exploitable via parsing a crafted file ...

References

NVD-CWE-noinfohttps://gitlab.com/gnutls/libtasn1/issues/4http://www.securityfocus.com/bid/105151http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.htmlhttps://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3Ehttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906768https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2018-1000654
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook