OpenSSL CVE-2018-0739 Denial of Service Vulnerability
by CIRT Team
Description: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources, so this is considered safe.
Impact: An attacker can exploit this issue to cause denial-of-service conditions.
OpenSSL 1.1.0 users should upgrade to 1.1.0h
OpenSSL 1.0.2 users should upgrade to 1.0.2o
Mitigation: Updates are available. Please see the references or vendor advisory for more information.
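To triage hosts against the two fixed releases named above, the following added example (not part of the original advisory or of OpenSSL) classifies an `openssl version` banner. The function names, status strings and sample banners are assumptions made for illustration.

```python
import re
import ssl

# Fixed releases named in this advisory, keyed by release branch.
FIXED = {"1.1.0": "h", "1.0.2": "o"}

# Matches e.g. "OpenSSL 1.0.2k-fips ..." or a bare "1.1.0g".
_VERSION_RE = re.compile(r"(?<![\d.])(\d+\.\d+\.\d+)([a-z]{0,2})(?![a-z\d])")


def _letter_rank(suffix):
    # OpenSSL patch letters sort "" < a < ... < z < za < zb ...
    return (len(suffix), suffix)


def classify(banner):
    """Return 'needs-upgrade', 'fixed', 'not-covered' or 'unparsed'."""
    m = _VERSION_RE.search(banner)
    if not m:
        return "unparsed"
    branch, letter = m.groups()
    fixed_letter = FIXED.get(branch)
    if fixed_letter is None:
        # The advisory text only names the 1.1.0 and 1.0.2 branches.
        return "not-covered"
    if _letter_rank(letter) < _letter_rank(fixed_letter):
        return "needs-upgrade"
    return "fixed"


# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "OpenSSL 1.0.2k-fips",
    "OpenSSL 1.0.2o",
    "OpenSSL 1.1.0g",
    "OpenSSL 1.1.0h",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{banner:24} {classify(banner)}")
    # The OpenSSL build this Python interpreter is linked against.
    print(f"{ssl.OPENSSL_VERSION:24} {classify(ssl.OPENSSL_VERSION)}")
```

Distribution packages often backport fixes without changing the upstream version string, so treat `needs-upgrade` as a prompt to check the vendor advisory rather than as proof of exposure.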
Reference URLs:
- https://www.openssl.org/news/secadv/20180327.txt
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory26.asc
- https://www.securityfocus.com/bid/103518/info