CVE-2013-7488: 
Rocky Linux vulnerability analysis and mitigation

CVE-2013-7488 affects perl-Convert-ASN1 (also known as the Convert::ASN1 module for Perl) through version 0.27. The vulnerability allows remote attackers to cause an infinite loop via unexpected input (NVD, MITRE).

The vulnerability has a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The issue is classified as CWE-835 (Loop with Unreachable Exit Condition - 'Infinite Loop'). The vulnerability specifically occurs in the decoding process where unsafe input can trigger an infinite loop in the _decode.pm file, particularly in two do loops on lines 636 and 690 (GitHub Issue).

When exploited, this vulnerability can cause a denial of service condition through an infinite loop that continuously spews warnings. This can affect applications using Convert::ASN1 for ASN.1 data structure encoding and decoding, particularly impacting availability. The issue can also manifest when using Convert::PEM with incorrect passwords (GitHub Issue).

A fix has been implemented by adding position checks to the two do loops in _decode.pm. The fix ensures that the position doesn't exceed the end of the input during decoding. Various distributions have released patches, including Fedora which addressed the issue in versions 0.27-21.fc33 and 0.27-19.fc32 (Fedora Update).