CVE-2018-0739

CVE Database · CVE-2018-0739

CVE-2018-0739

· N/AModified

CVSS v3.1

N/A

EPSS

19.30%

Published

Mar 27, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).

Weaknesses (CWE)

CWE-674

Affected Products (8)

openssl · opensslvulnerable

canonical · ubuntu_linuxvulnerable

debian · debian_linuxvulnerable

References (20)

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

PatchThird Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/103518