CVE-2018-1000654

Name: CVE-2018-1000654
Creator: NVD / NIST
Published: 2018-08-20T19:31:44.87+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.01%

Last modified Jun 17, 2026

CVE-2018-1000654 is a vulnerability of currently unknown severity. GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.. EPSS estimates a 2.01% chance of exploitation in the next 30 days.

Description

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.

Metrics

EPSS Probability

2.01%

78.3th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Gnu	Libtasn1	4.12
Gnu	Libtasn1	4.13

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html
http://www.securityfocus.com/bid/105151Third Party Advisory, VDB Entry
https://gitlab.com/gnutls/libtasn1/issues/4Exploit, Third Party Advisory
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html
http://www.securityfocus.com/bid/105151Third Party Advisory, VDB Entry
https://gitlab.com/gnutls/libtasn1/issues/4Exploit, Third Party Advisory
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

Timeline

Published: Aug 20, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-1000654?

How severe is CVE-2018-1000654?

Severity scoring for CVE-2018-1000654 is pending analysis. The EPSS model estimates a 2.01% probability of exploitation in the next 30 days.

How do I fix CVE-2018-1000654?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-1000654?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST