« List of all CVEs

CVE-2018-0739

Constructed ASN.1 types with a recursive definition could exceed the stack

Published: 3/27/2018 Last updated: 9/16/2024 Reserved: 11/30/2017

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).

CNA assigner: openssl (3a12439a-ef3a-4c79-92e6-6081a721f1e5) Requested by: n/a

Opam packages affected (6)

conf-libcurl conf-libssl conf-mingw-w64-openssl-i686 conf-mingw-w64-openssl-x86_64 conf-openssl conf-srt-openssl

Products affected (1)

Product	Vendor	Version
OpenSSL	OpenSSL	13.2.2

References (68)

Credits (1)

OSS-fuzz