OpenSSL CVE-2018-0739 Denial of Service Vulnerability
Description: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe
Impact: An attacker can exploit this issue to cause denial-of-service conditions.
OpenSSL 1.1.0 users should upgrade to 1.1.0h
OpenSSL 1.0.2 users should upgrade to 1.0.2o
Mitigation: Updates are available. Please see the references or vendor advisory for more information.
- Report Incident▼