OpenSSL v1.0.2.n

Version Release Notes from March 27, 2018 (about 6 years ago)

« Changelog History

OpenSSL v1.0.2.n Release Notes

Release Date: 2018-03-27 // about 6 years ago

- Constructed ASN.1 types with a recursive definition could exceed the stack
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.

This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz project. [CVE-2018-0739][]

Matt Caswell

Awesome C++ is part of the LibHunt network. Terms. Privacy Policy.