CVE-2018-0739 log

Source
Severity Medium
Remote No
Type Denial of service
Description
A stack-exhaustion issue has been found in OpenSSL <= 1.1.0h, where constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.
Group Package Affected Fixed Severity Status Ticket
AVG-540 openssl 1.1.0.g-1 1.1.0.h-1 Medium Fixed
Date Advisory Group Package Severity Type
01 Apr 2018 ASA-201804-2 AVG-540 openssl Medium multiple issues
References
https://www.openssl.org/news/secadv/20180327.txt
https://github.com/openssl/openssl/commit/2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33