Vulnerability CVE-2018-0739: Information
Description
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
openssl10 | p9 | 1.0.2o-alt1 | 1.0.2u-alt1.p9.2 | ALT-PU-2018-1554-1 | 203067 | Fixed |
openssl10 | c9f2 | 1.0.2o-alt1 | 1.0.2u-alt1.p9.1 | ALT-PU-2018-1554-1 | 203067 | Fixed |