The ASN.1 library used in GNUTLS through versions 4.13 allows for an infinite loop due to an issue in the _asn1_expand_object_id function. An attacker could exploit this via a crafted ASN.1 structure to causing high CPU usage until a resultant out-of-memory error