CVE-2018-0739

Constructed ASN.1 types with a recursive definition could exceed the stack

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).

Los tipos constructed ASN.1 con una definición recursiva (como la que podemos encontrar en PKCS7) podrían acabar excediendo la pila debido a entradas maliciosas con recursión excesiva. Esto podría dar como resultado un ataque de denegación de servicio (DoS). No hay estructuras de este tipo empleadas en SSL/TLS que provengan de fuentes no fiables, por lo que se consideran seguras. Solucionado en OpenSSL 1.1.0h (versiones 1.1.0-1.1.0g afectadas). Solucionado en OpenSSL 1.0.2o (versiones 1.0.2b-1.0.2n afectadas).

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 1 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section. Issues addressed include bypass, denial of service, null pointer, out of bounds write, traversal, and use-after-free vulnerabilities.

*Credits: OSS-fuzz

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-30 CVE Reserved
2018-03-27 CVE Published
2024-09-16 CVE Updated
2025-07-06 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-400: Uncontrolled Resource Consumption
CWE-674: Uncontrolled Recursion

CAPEC

References (36)

URL	Tag	Source
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	X_refsource_confirm
http://www.securityfocus.com/bid/103518	Third Party Advisory
http://www.securityfocus.com/bid/105609	Vdb Entry
http://www.securitytracker.com/id/1040576	Third Party Advisory
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33	X_refsource_confirm
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d	X_refsource_confirm
https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html	Mailing List
https://nodejs.org/en/blog/vulnerability/march-2018-security-releases	X_refsource_confirm
https://security.netapp.com/advisory/ntap-20180330-0002	Third Party Advisory
https://security.netapp.com/advisory/ntap-20180726-0002	X_refsource_confirm
https://securityadvisories.paloaltonetworks.com/Home/Detail/133	X_refsource_confirm
https://www.oracle.com//security-alerts/cpujul2021.html	X_refsource_misc
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	X_refsource_misc
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	X_refsource_confirm
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	X_refsource_misc
https://www.tenable.com/security/tns-2018-04	X_refsource_confirm
https://www.tenable.com/security/tns-2018-06	X_refsource_confirm
https://www.tenable.com/security/tns-2018-07	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	2023-11-07

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2018:3090	2023-11-07
https://access.redhat.com/errata/RHSA-2018:3221	2023-11-07
https://access.redhat.com/errata/RHSA-2018:3505	2023-11-07
https://access.redhat.com/errata/RHSA-2019:0366	2023-11-07
https://access.redhat.com/errata/RHSA-2019:0367	2023-11-07
https://access.redhat.com/errata/RHSA-2019:1711	2023-11-07
https://access.redhat.com/errata/RHSA-2019:1712	2023-11-07
https://security.gentoo.org/glsa/201811-21	2023-11-07
https://security.gentoo.org/glsa/202007-53	2023-11-07
https://usn.ubuntu.com/3611-1	2023-11-07
https://usn.ubuntu.com/3611-2	2023-11-07
https://www.debian.org/security/2018/dsa-4157	2023-11-07
https://www.debian.org/security/2018/dsa-4158	2023-11-07
https://www.openssl.org/news/secadv/20180327.txt	2023-11-07
https://access.redhat.com/security/cve/CVE-2018-0739	2019-07-09
https://bugzilla.redhat.com/show_bug.cgi?id=1561266	2019-07-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 1.0.2b <= 1.0.2n Search vendor "Openssl" for product "Openssl" and version " >= 1.0.2b <= 1.0.2n"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 1.1.0 <= 1.1.0g Search vendor "Openssl" for product "Openssl" and version " >= 1.1.0 <= 1.1.0g"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				17.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.10"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected