CVE-2018-0739
Constructed ASN.1 types with a recursive definition could exceed the stack
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
Affected products
OpenSSL · OpenSSL
References
https://access.redhat.com/errata/RHSA-2018:3090
https://access.redhat.com/errata/RHSA-2018:3221
https://access.redhat.com/errata/RHSA-2018:3505
https://access.redhat.com/errata/RHSA-2019:0366
https://access.redhat.com/errata/RHSA-2019:0367
https://access.redhat.com/errata/RHSA-2019:1711
https://access.redhat.com/errata/RHSA-2019:1712
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d
https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html
https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
https://securityadvisories.paloaltonetworks.com/Home/Detail/133