CVE-2018-0739

Опубликовано: 27 мар. 2018

Источник: redhat

CVSS3: 6.5

Описание

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	openssl	Out of support scope
Red Hat Enterprise Linux 5	openssl097a	Out of support scope
Red Hat Enterprise Linux 6	openssl	Will not fix
Red Hat Enterprise Linux 6	openssl098e	Will not fix
Red Hat Enterprise Linux 7	openssl098e	Will not fix
Red Hat Enterprise Linux 7	OVMF	Will not fix
Red Hat Enterprise Linux 8	openssl	Not affected
Red Hat JBoss Enterprise Application Platform 5	openssl	Will not fix
Red Hat JBoss Enterprise Application Platform 6	openssl	Will not fix
Red Hat JBoss Enterprise Web Server 2	openssl	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-674->CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=1561266openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2018-0739

CVSS3: 6.5

ubuntu

около 7 лет назад

CVE-2018-0739

CVSS3: 6.5

nvd

около 7 лет назад

CVE-2018-0739

CVSS3: 6.5

debian

около 7 лет назад

Constructed ASN.1 types with a recursive definition (such as can be fo ...

openSUSE-SU-2018:2238-1

suse-cvrf

почти 7 лет назад

Security update for ovmf

openSUSE-SU-2018:2208-1

suse-cvrf

почти 7 лет назад

Security update for ovmf

6.5 Medium

CVSS3