Bug 1561266 (CVE-2018-0739) - CVE-2018-0739 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service
Summary: CVE-2018-0739 openssl: Handling of crafted recursive ASN.1 structures can cau...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-0739
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1561267 1561268 1561269 1563285 1563286 1563287 1563288 1563289
Blocks: 1561270
Reported: 2018-03-28 01:16 UTC by Sam Fowler
Modified: 2019-09-29 14:35 UTC (History)

Fixed In Version: openssl 1.1.0h, openssl 1.0.2o
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-10 10:18:59 UTC




Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:3090 None None None 2018-10-30 07:36:07 UTC
Red Hat Product Errata RHSA-2018:3221 None None None 2018-10-30 07:51:25 UTC
Red Hat Product Errata RHSA-2019:0366 None None None 2019-02-18 16:55:49 UTC
Red Hat Product Errata RHSA-2019:0367 None None None 2019-02-18 16:58:30 UTC
Red Hat Product Errata RHSA-2019:1711 None None None 2019-07-09 12:55:00 UTC
Red Hat Product Errata RHSA-2019:1712 None None None 2019-07-09 13:56:23 UTC

Description Sam Fowler 2018-03-28 01:16:17 UTC
OpenSSL versions 1.0.2 and 1.1.0 have a vulnerability in the handling of recursive ASN.1 structures. Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.


External References:

https://www.openssl.org/news/secadv/20180327.txt


Upstream Patches:

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d
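The failure mode in the description is a decoder whose recursion depth is chosen by the input: each constructed ASN.1 element (tag byte with bit 0x20 set) contains further TLVs, so a decoder that recurses per level consumes one stack frame per level of nesting, and an attacker-supplied blob decides how many levels there are. The mitigation is to cap the nesting depth and fail the parse when the cap is exceeded. The following is an added example written for this page, not OpenSSL code or the upstream patch: a minimal DER TLV walker in C with a depth limit, plus a helper that constructs nested SEQUENCE test data. The limit `MAX_NEST_DEPTH`, the function names and the status codes are this example's own choices; the value 30 is a plausible default for this illustration and is not taken from the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Nesting cap for this example (assumed value; not from the page or OpenSSL). */
#define MAX_NEST_DEPTH 30

enum der_status {
    DER_OK            = 0,
    DER_ERR_TRUNCATED = 1,   /* length field claims more bytes than are present   */
    DER_ERR_LENGTH    = 2,   /* unsupported or malformed tag/length encoding       */
    DER_ERR_TOO_DEEP  = 3    /* constructed nesting exceeded MAX_NEST_DEPTH        */
};

/* Walk one TLV at buf[0..len). On success *consumed holds its total size.
 * Constructed elements are recursed into; depth is checked before any work
 * so that recursion can never go past MAX_NEST_DEPTH frames. */
static int der_walk(const uint8_t *buf, size_t len, int depth,
                    size_t *consumed, int *max_depth_seen)
{
    if (depth > MAX_NEST_DEPTH)
        return DER_ERR_TOO_DEEP;            /* the check the vulnerable decoder lacked */
    if (len < 2)
        return DER_ERR_TRUNCATED;           /* need at least tag + length byte */
    if (depth > *max_depth_seen)
        *max_depth_seen = depth;

    uint8_t tag = buf[0];
    size_t pos = 1;
    size_t clen;

    if ((tag & 0x1f) == 0x1f)
        return DER_ERR_LENGTH;              /* high-tag-number form: out of scope here */

    uint8_t lb = buf[pos++];
    if (lb < 0x80) {
        clen = lb;                          /* short-form length */
    } else {
        size_t nbytes = lb & 0x7f;          /* long-form: next nbytes hold the length */
        if (nbytes == 0 || nbytes > sizeof(size_t) || pos + nbytes > len)
            return DER_ERR_LENGTH;
        clen = 0;
        for (size_t i = 0; i < nbytes; i++)
            clen = (clen << 8) | buf[pos++];
    }
    if (clen > len - pos)
        return DER_ERR_TRUNCATED;

    if (tag & 0x20) {                       /* constructed: contents are TLVs */
        size_t off = 0;
        while (off < clen) {
            size_t sub = 0;
            int rc = der_walk(buf + pos + off, clen - off, depth + 1, &sub, max_depth_seen);
            if (rc != DER_OK)
                return rc;
            off += sub;                     /* every sub-TLV is >= 2 bytes, so this terminates */
        }
    }
    *consumed = pos + clen;
    return DER_OK;
}

/* Validate a whole DER blob. Reports the deepest nesting level reached. */
int der_check(const uint8_t *buf, size_t len, int *max_depth_seen)
{
    size_t consumed = 0;
    *max_depth_seen = 0;
    int rc = der_walk(buf, len, 1, &consumed, max_depth_seen);
    if (rc == DER_OK && consumed != len)
        return DER_ERR_TRUNCATED;           /* trailing bytes after the outer element */
    return rc;
}

/* Constructed test data: wrap INTEGER 5 in `levels` nested SEQUENCEs.
 * Short-form lengths only, so it refuses anything that would exceed 127 bytes.
 * Returns the encoded size or -1. */
int build_nested_sequence(uint8_t *out, size_t cap, int levels)
{
    uint8_t tmp[256];
    size_t n = 3;
    tmp[0] = 0x02; tmp[1] = 0x01; tmp[2] = 0x05;   /* INTEGER 5 */
    for (int i = 0; i < levels; i++) {
        if (n > 127 || n + 2 > sizeof tmp)
            return -1;
        memmove(tmp + 2, tmp, n);
        tmp[0] = 0x30;                      /* SEQUENCE (constructed) */
        tmp[1] = (uint8_t)n;
        n += 2;
    }
    if (n > cap)
        return -1;
    memcpy(out, tmp, n);
    return (int)n;
}

int main(void)
{
    uint8_t buf[256];
    int depth;
    int levels[] = { 5, 40 };
    for (size_t i = 0; i < sizeof levels / sizeof levels[0]; i++) {
        int n = build_nested_sequence(buf, sizeof buf, levels[i]);
        int rc = der_check(buf, (size_t)n, &depth);
        printf("levels=%d bytes=%d status=%d deepest=%d\n", levels[i], n, rc, depth);
    }
    return 0;
}
```

Without the `depth > MAX_NEST_DEPTH` test at the top of `der_walk`, the 40-level input would simply recurse 41 frames, and an input nested tens of thousands of levels deep (a few bytes per level) would exhaust the stack; with it, the parse fails cleanly with `DER_ERR_TOO_DEEP` after a bounded amount of work. Real PKCS7 and CMS decoders have the same shape, so a depth cap belongs at the point where a constructed type is entered, not only at the top-level API.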

Comment 1 Sam Fowler 2018-03-28 01:17:08 UTC
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1561269]


Created mingw-openssl tracking bugs for this issue:

Affects: epel-7 [bug 1561267]

Comment 7 Fedora Update System 2018-04-09 13:26:57 UTC
compat-openssl10-1.0.2o-1.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2018-04-09 18:35:21 UTC
compat-openssl10-1.0.2o-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2018-04-09 19:09:15 UTC
compat-openssl10-1.0.2o-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.

Comment 11 errata-xmlrpc 2018-10-30 07:35:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3090 https://access.redhat.com/errata/RHSA-2018:3090

Comment 12 errata-xmlrpc 2018-10-30 07:51:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3221 https://access.redhat.com/errata/RHSA-2018:3221

Comment 13 errata-xmlrpc 2019-02-18 16:55:47 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0366

Comment 14 errata-xmlrpc 2019-02-18 16:58:28 UTC
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 6
  JBoss Core Services on RHEL 7

Via RHSA-2019:0367 https://access.redhat.com/errata/RHSA-2019:0367

Comment 16 errata-xmlrpc 2019-07-09 12:54:58 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Web Server 3 for RHEL 7
  Red Hat JBoss Web Server 3 for RHEL 6

Via RHSA-2019:1711 https://access.redhat.com/errata/RHSA-2019:1711

Comment 17 errata-xmlrpc 2019-07-09 13:56:21 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Web Server

Via RHSA-2019:1712 https://access.redhat.com/errata/RHSA-2019:1712

