OpenSSL v1.0.2.n Release Notes
Release Date: 2018-03-27 // about 6 years ago-
- Constructed ASN.1 types with a recursive definition could exceed the stack
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.
This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz project. [CVE-2018-0739][]
Matt Caswell