---

CVE-2018-0739 - log back

CVE-2018-0739 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Local
Type	+ Denial of service
Description	+ A stack-exhaustion issue has been found in OpenSSL <= 1.1.0h, where constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.
References	+ https://www.openssl.org/news/secadv/20180327.txt + https://github.com/openssl/openssl/commit/2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33
Notes