| Errata ID | 65 |
|---|---|
| Date | 2018-05-16 |
| Source package | openssl1.0 |
| Fixed in version | 1.0.2l-2+deb9u3 |
| Description | This update addresses the following issue: * Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. (CVE-2018-0739) |
| Additional notes | |
| CVE ID | CVE-2018-0739 |
| UCS Bug number | #46776 |
