CVE-2018-0739 log

Severity Medium
Remote No
Type Denial of service
A stack-exhaustion issue has been found in OpenSSL <= 1.1.0h, where constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.
Group Package Affected Fixed Severity Status Ticket
AVG-540 openssl 1.1.0.g-1 1.1.0.h-1 Medium Fixed
Date Advisory Group Package Severity Type
01 Apr 2018 ASA-201804-2 AVG-540 openssl Medium multiple issues