MGASA-2018-0190

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2018-0739

Published: 03 Apr 2018, 18:48

Last modified:16 Apr 2026, 06:23

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

03 Apr 2018, 18:48

Published

Vulnerability first disclosed

16 Apr 2026, 06:23

Last Modified

Vulnerability information updated

Description

Updated openssl packages fix security vulnerability Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe (CVE-2018-0739).

Affected Systems

mageia•openssl
< 1.0.2o-1.mga5
mageia•openssl
< 1.0.2o-1.mga6

References (3)

https://advisories.mageia.org/MGASA-2018-0190.html
https://bugs.mageia.org/show_bug.cgi?id=22842
https://www.openssl.org/news/secadv/20180327.txt