CVE-2018-6003

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
gnulibtasn1
𝑥
≤ 4.12
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libtasn1-6
bullseye
4.16.0-2+deb11u1
fixed
jessie
not-affected
bookworm
4.19.0-2
fixed
sid
4.19.0-3
fixed
trixie
4.19.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libtasn1-3
artful
dne
xenial
dne
trusty
dne
libtasn1-6
artful
Fixed 4.12-2.1ubuntu0.1
released
xenial
Fixed 4.7-3ubuntu0.16.04.3
released
trusty
not-affected
Common Weakness Enumeration
References
http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97
https://bugzilla.redhat.com/show_bug.cgi?id=1535926
https://bugzilla.suse.com/show_bug.cgi?id=1076832
https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://www.debian.org/security/2018/dsa-4106
http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97
https://bugzilla.redhat.com/show_bug.cgi?id=1535926
https://bugzilla.suse.com/show_bug.cgi?id=1076832
https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://www.debian.org/security/2018/dsa-4106