  1. Core Server
  2. SERVER-34193

Limit recursive definition ASN.1 types with OpenSSL update


    Details

    • Backwards Compatibility:
      Fully Compatible
    • Backport Requested:
      v3.6, v3.4, v3.2

      Description

      Constructed ASN.1 types with a recursive definition (as in PKCS7) could exceed the stack given excessive recursion. No such structures within SSL/TLS come from untrusted sources, so this is considered safe.

      Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g).
      Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
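
The failure mode described above, shown as an added example that is not code from this ticket or from OpenSSL: a recursive DER walker that refuses input once constructed types nest past a fixed cap. The names `der_max_depth` and `build_nested` and the `MAX_NEST` value are assumptions for illustration; only definite lengths and single-byte tags are handled.

```c
#include <stddef.h>
#include <stdio.h>
#define MAX_NEST 30 /* assumed cap for this example */

/* Deepest constructed nesting in [p, p+len), or -1 if malformed or deeper than MAX_NEST. */
int der_max_depth(const unsigned char *p, size_t len, int depth)
{
    int deepest = depth;
    if (depth > MAX_NEST) return -1;          /* refuse before recursing further */
    while (len > 0) {
        size_t hl = 2, cl, n, i;
        if (len < 2 || (p[0] & 0x1f) == 0x1f) return -1; /* multi-byte tags unsupported */
        cl = p[1];
        if (cl >= 0x80) {                     /* long-form length */
            n = cl & 0x7f;
            if (n == 0 || n > sizeof(size_t) || len < 2 + n) return -1;
            for (cl = 0, i = 0; i < n; i++) cl = (cl << 8) | p[2 + i];
            hl += n;
        }
        if (cl > len - hl) return -1;         /* content runs past the buffer */
        if (p[0] & 0x20) {                    /* constructed: contents are TLVs */
            int d = der_max_depth(p + hl, cl, depth + 1);
            if (d < 0) return -1;
            if (d > deepest) deepest = d;
        }
        p += hl + cl; len -= hl + cl;
    }
    return deepest;
}

/* Constructed sample input: n nested SEQUENCEs around INTEGER 0 (n <= 62). */
size_t build_nested(unsigned char *out, int n)
{
    size_t len = 3;
    out[2 * n] = 0x02; out[2 * n + 1] = 0x01; out[2 * n + 2] = 0x00;
    while (n-- > 0) {
        out[2 * n] = 0x30;                    /* SEQUENCE, constructed */
        out[2 * n + 1] = (unsigned char)len;  /* short-form length of what it wraps */
        len += 2;
    }
    return len;
}

int main(void)
{
    unsigned char buf[128];
    for (int n = 29; n <= 31; n++)
        printf("%d levels -> %d\n", n, der_max_depth(buf, build_nested(buf, n), 0));
    return 0;
}
```

Without the `depth > MAX_NEST` check, the recursion depth is set entirely by the input, which is the condition the ticket describes.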


            Assignee:
            zakhar.kleyman Zakhar Kleyman
            Reporter:
            davi.ottenheimer Davi Ottenheimer