OpenSSL CVE-2018-0739 Denial of Service Vulnerability
by CIRT Team
Description: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe
Impact: An attacker can exploit this issue to cause denial-of-service conditions.
OpenSSL 1.1.0 users should upgrade to 1.1.0h
OpenSSL 1.0.2 users should upgrade to 1.0.2o
Mitigation: Updates are available. Please see the references or vendor advisory for more information.
Reference URL’s:
- https://www.openssl.org/news/secadv/20180327.txt
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory26.asc
- https://www.securityfocus.com/bid/103518/info
Recommended Posts
Cyber Threat Alert: Surge in Attacks via Compromised Third-Party Service Providers
08 Feb 2024 - Articles, English articles, Security Advisories & Alerts
Subscribe here
MEMBER OF:
