CVE-2018-0739 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Denial of service
Description	A stack-exhaustion issue has been found in OpenSSL <= 1.1.0h, where constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-540	openssl	1.1.0.g-1	1.1.0.h-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
01 Apr 2018	ASA-201804-2	AVG-540	openssl	Medium	multiple issues

References
https://www.openssl.org/news/secadv/20180327.txt https://github.com/openssl/openssl/commit/2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33