OpenSSL CVE-2018-0739 Denial of Service Vulnerability

Description: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe

Impact: An attacker can exploit this issue to cause denial-of-service conditions.

OpenSSL 1.1.0 users should upgrade to 1.1.0h

OpenSSL 1.0.2 users should upgrade to 1.0.2o

Mitigation: Updates are available. Please see the references or vendor advisory for more information.

Reference URL’s: