Description
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. T...
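The check below is an added example, not OpenSSL's code and not the fix the advisory refers to: it converts OBJECT IDENTIFIER content octets to dotted text and refuses any sub-identifier longer than a fixed number of octets before doing conversion work. The function name and the 9-octet limit are assumptions chosen for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed policy for this example (not an OpenSSL constant): a sub-identifier
 * may occupy at most 9 octets = 63 value bits, so it fits in a uint64_t. */
#define MAX_ARC_OCTETS 9

/* Convert OID content octets (no tag/length) to dotted decimal text.
 * Returns 0 on success, -1 if malformed, oversized, or out is too small. */
int oid_to_text_bounded(const unsigned char *p, size_t len,
                        char *out, size_t outlen)
{
    size_t i = 0, used = 0;
    int first = 1;

    if (len == 0 || (p[len - 1] & 0x80))    /* empty, or last arc truncated */
        return -1;
    while (i < len) {
        uint64_t v = 0;
        size_t n = 0;
        int r;

        if (p[i] == 0x80)                   /* non-minimal (padded) encoding */
            return -1;
        do {                                /* base-128, top bit = "more" */
            if (++n > MAX_ARC_OCTETS)       /* reject before converting */
                return -1;
            v = (v << 7) | (p[i] & 0x7f);
        } while (p[i++] & 0x80);

        if (first) {                        /* first value packs 40*X + Y */
            unsigned x = v < 40 ? 0 : v < 80 ? 1 : 2;
            r = snprintf(out, outlen, "%u.%llu", x,
                         (unsigned long long)(v - 40u * x));
            first = 0;
        } else {
            r = snprintf(out + used, outlen - used, ".%llu",
                         (unsigned long long)v);
        }
        if (r < 0 || (size_t)r >= outlen - used)
            return -1;
        used += (size_t)r;
    }
    return 0;
}
```

Because the length check runs per octet inside the decode loop, the cost of rejecting an oversized sub-identifier is bounded by the limit rather than by the attacker-chosen input size.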
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 2023.11-5 |
| esm-apps/bionic | needs-triage | |
| esm-apps/xenial | needs-triage | |
| esm-infra/focal | needed | |
| focal | ignored | end of standard support, was needed |
| jammy | needed | |
| kinetic | ignored | end of life, was needs-triage |
| lunar | ignored | end of life, was needs-triage |
| mantic | ignored | end of life, was needed |

| Release | Status | Note |
|---|---|---|
| bionic | not-affected | uses system openssl1.0 |
| devel | not-affected | uses system openssl |
| esm-apps/bionic | not-affected | uses system openssl |
| esm-apps/focal | not-affected | uses system openssl |
| esm-apps/jammy | released | 12.22.9~dfsg-1ubuntu3.4 |
| esm-apps/noble | not-affected | uses system openssl |
| esm-apps/xenial | not-affected | uses system openssl |
| esm-infra-legacy/trusty | not-affected | uses system openssl |
| focal | not-affected | uses system openssl |
| jammy | released | 12.22.9~dfsg-1ubuntu3.4 |

| Release | Status | Note |
|---|---|---|
| bionic | released | 1.1.1-1ubuntu2.1~18.04.23 |
| devel | released | 3.0.8-1ubuntu3 |
| esm-infra-legacy/trusty | released | 1.0.1f-1ubuntu2.27+esm9 |
| esm-infra/bionic | released | 1.1.1-1ubuntu2.1~18.04.23 |
| esm-infra/focal | released | 1.1.1f-1ubuntu2.19 |
| esm-infra/xenial | released | 1.0.2g-1ubuntu4.20+esm9 |
| fips-preview/jammy | released | 3.0.2-0ubuntu1.10+Fips1 |
| fips-updates/bionic | released | 1.1.1-1ubuntu2.fips.2.1~18.04.23 |
| fips-updates/focal | released | 1.1.1f-1ubuntu2.fips.19 |
| fips-updates/jammy | released | 3.0.2-0ubuntu1.10+Fips1 |

| Release | Status | Note |
|---|---|---|
| bionic | released | 1.0.2n-1ubuntu5.13 |
| devel | DNE | |
| esm-infra/bionic | released | 1.0.2n-1ubuntu5.13 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE | |
6.5 Medium
CVSS3