[gnutls-devel] libtasn1 | Parsing a certificate containing numerous names or name constraints leads to a DoS attack (#52)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Fri Feb 7 10:38:15 CET 2025
Andreas Stieger commented: https://gitlab.com/gnutls/libtasn1/-/issues/52#note_2336379502
Thank. The "uses 100% of CPU" part of this issue should be treated with a grain of salt. This is simply the machine attempting to solve a single-threaded while not limited by IO. You actually *want* it to do it as fast as possible, that is not a security issue in itself. The part where the scaling factor is undesirable, however, is.
Do you agree with CVSS v3.1 base [3.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)?](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L&version=3.1)
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/52#note_2336379502
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250207/b3aa62c1/attachment.html>
More information about the Gnutls-devel
mailing list