Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 3.2.20, 3.4.15, 3.6.4, 3.7.4
Affects Version/s: None
Component/s: Security
Labels:
- SWNA
- security

Backwards Compatibility:
Fully Compatible
Backport Requested:

v3.6, v3.4, v3.2
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Constructed ASN.1 types with a recursive definition (as in PKCS7) could exceed stack given excessive recursion. No such structures within SSL/TLS come from untrusted sources so this is considered safe

Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g).
Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).

Assignee:: Zakhar Kleyman
Reporter:: Davi Ottenheimer (Inactive)
Participants:: Davi Ottenheimer, Gregory McKeon, Zakhar Kleyman
Votes:: 0 Vote for this issue
Watchers:: 10 Start watching this issue

Created:: Mar 29 2018 04:57:43 PM UTC
Updated:: Oct 29 2023 10:33:14 PM UTC
Resolved:: Apr 18 2018 02:47:40 PM UTC

Details

Description

Attachments

Activity

People

Dates