The ASN.1 library used in GNUTLS (libtasn1) through versions 4.13 allows for an infinite loop due to an issue in the _asn1_expand_object_id(p_tree) function. An attacker could exploit this via a crafted ASN.1 structure to causing high CPU usage until a resultant out-of-memory error. Upstream Issue: https://gitlab.com/gnutls/libtasn1/issues/4
Created libtasn1 tracking bugs for this issue: Affects: fedora-all [bug 1621973] Created mingw-libtasn1 tracking bugs for this issue: Affects: epel-7 [bug 1621975] Affects: fedora-all [bug 1621974]
As nmav@ noted in the upstream ticket, this is an issue affecting the "compile-time" parsing of ASN.1 definitions and not runtime code that parses ASN.1 structures with a fixed definition (eg gnutls). Specifically, asn1_parser2tree() when called with an invalid recursive ASN.1 definition can enter an infinite loop. Generally, the ASN.1 definition parser is not exposed to untrusted inputs and asn1_parser2tree() offers no worst-case performance guarantees.
Statement: This flaw is in the asn1Parser binary included in libtasn1-tools RPM. The dynamic library libtasn1 and libtasn1-devel RPMs are not affected.