CVE-2018-0739

Description

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a denial-of-service attack. No such structures used within SSL/TLS come from untrusted sources, so this is considered safe. Fixed in OpenSSL 1.1.0h (affected: 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (affected: 1.0.2b-1.0.2n).

Risk Information

Base Score: 6.5 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 11.274

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2018-0739 are fixed in OpenSSL (x64) 1.0.2o | Windows
Vulnerabilities CVE-2018-0739,CVE-2018-0733,CVE-2017-3738 are fixed in OpenSSL (x64) 1.1.0h | Windows
Multiple vulnerabilities affected in Mysql 5.6.21 | Windows
Multiple vulnerabilities affected in Mysql 5.6.22 | Windows
Multiple vulnerabilities affected in Mysql 5.6.23 | Windows
Multiple vulnerabilities affected in Mysql 5.6.24 | Windows
Multiple vulnerabilities affected in Mysql 5.6.25 | Windows
Multiple vulnerabilities affected in Mysql 5.6.26 | Windows
Multiple vulnerabilities affected in Mysql 5.6.35 | Windows
Multiple vulnerabilities affected in Mysql 5.6.9 | Windows
Multiple Vulnerabilities are affected in Mysql 8.0.11 | Windows
Vulnerabilities CVE-2018-0739,CVE-2018-7160,CVE-2018-7158,CVE-2018-7159 are fixed in Node.js 10 (10.24.1) | Windows
Vulnerabilities CVE-2018-0739,CVE-2018-7160,CVE-2018-7158,CVE-2018-7159 are fixed in Node.js 16 (x64) (16.14.0) | Windows
Vulnerabilities CVE-2018-0739,CVE-2018-7160,CVE-2018-7158,CVE-2018-7159 are fixed in Node.js 16 (16.14.0) | Windows
Vulnerabilities CVE-2018-0739,CVE-2018-7160,CVE-2018-7158,CVE-2018-7159 are fixed in Node.js 8 8.11.0 | Windows
Vulnerabilities CVE-2018-0739,CVE-2018-7160,CVE-2018-7158,CVE-2018-7159 are fixed in Node.js 8 (x64) 8.11.0 | Windows
Vulnerabilities CVE-2018-0739,CVE-2018-7160,CVE-2018-7158,CVE-2018-7159 are fixed in Node.js 9.10.0 | Windows
Vulnerabilities CVE-2018-0739,CVE-2018-7160,CVE-2018-7158,CVE-2018-7159 are fixed in Node.js 4.9.0 | Windows
Multiple vulnerabilities are fixed in Updates for Oracle VM VirtualBox (5.2.10) | Windows
Multiple vulnerabilities are affected in Mysql 5.6.40 | Windows
Multiple vulnerabilities are affected in Mysql 5.7.22 | Windows
Vulnerabilities CVE-2017-0379,CVE-2018-0739 are affected in MySQL Workbench Enterprise Edition 8.0.11 | Windows
Vulnerabilities CVE-2017-0379,CVE-2018-0739 are affected in MySQL Workbench CE (x64) 8.0.11 | Windows
Vulnerabilities CVE-2017-3738,CVE-2018-0733,CVE-2018-0739 are fixed in Nessus 5.5.0 | Windows
Vulnerabilities CVE-2017-3738,CVE-2018-0733,CVE-2018-0739 are fixed in Tenable Nessus 5.5.0 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0.12.0 | Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.55 | Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.56 | Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.57 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.0 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.2.1 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.3.0 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.3.1 | Windows
Multiple Vulnerabilities are affected in IBM MQ 8.0 | Windows
Secure Socket Layer (SSL) cryptographic library and tools (USN-3611-1) libssl1.0.0_1.0.1f-1ubuntu2.24_i386.deb | Linux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3611-1) libssl1.0.0_1.0.1f-1ubuntu2.24_amd64.deb | Linux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3611-1) libssl1.0.0_1.0.2g-1ubuntu13.4_i386.deb | Linux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3611-1) libssl1.0.0_1.0.2g-1ubuntu13.4_amd64.deb | Linux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3611-1) libssl1.0.0_1.0.2g-1ubuntu4.11_i386.deb | Linux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3611-1) libssl1.0.0_1.0.2g-1ubuntu4.11_amd64.deb | Linux
openssl security update (DSA-4157-1) openssl_1.0.1t-1+deb8u8_i386.deb | Linux
openssl security update (DSA-4157-1) openssl_1.0.1t-1+deb8u8_amd64.deb | Linux
(RHSA-2018:3090) ovmf security, bug fix, and enhancement update OVMF-20180508-3.gitee3198e672e2.el7.noarch.rpm | Linux
SUSE-SU-2018:0925-1 (SUSE Linux Enterprise Desktop 12-SP2) libopenssl-devel-1.0.2j-60.24.1.x86_64.rpm | Linux
SUSE-SU-2018:0925-1 (SUSE Linux Enterprise Desktop 12-SP2) libopenssl1_0_0-1.0.2j-60.24.1.x86_64.rpm | Linux
SUSE-SU-2018:0925-1 (SUSE Linux Enterprise Desktop 12-SP2) libopenssl1_0_0-32bit-1.0.2j-60.24.1.x86_64.rpm | Linux
SUSE-SU-2018:0925-1 (SUSE Linux Enterprise Desktop 12-SP2) libopenssl1_0_0-debuginfo-1.0.2j-60.24.1.x86_64.rpm | Linux
SUSE-SU-2018:0925-1 (SUSE Linux Enterprise Desktop 12-SP2) libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.24.1.x86_64.rpm | Linux
SUSE-SU-2018:0925-1 (SUSE Linux Enterprise Server 12-SP2) libopenssl1_0_0-hmac-1.0.2j-60.24.1.x86_64.rpm | Linux
SUSE-SU-2018:0925-1 (SUSE Linux Enterprise Server 12-SP2) libopenssl1_0_0-hmac-32bit-1.0.2j-60.24.1.x86_64.rpm | Linux
SUSE-SU-2018:0925-1 (SUSE Linux Enterprise Desktop 12-SP2) openssl-1.0.2j-60.24.1.x86_64.rpm | Linux
SUSE-SU-2018:0925-1 (SUSE Linux Enterprise Desktop 12-SP2) openssl-debuginfo-1.0.2j-60.24.1.x86_64.rpm | Linux
SUSE-SU-2018:0925-1 (SUSE Linux Enterprise Desktop 12-SP2) openssl-debugsource-1.0.2j-60.24.1.x86_64.rpm | Linux
SUSE-SU-2018:0925-1 (SUSE Linux Enterprise Server 12-SP2) openssl-doc-1.0.2j-60.24.1.noarch.rpm | Linux
SUSE-SU-2018:2158-1 (SUSE Linux Enterprise Server 12-SP3) ovmf-2017+git1492060560.b6d11d7c46-4.9.4.x86_64.rpm | Linux
SUSE-SU-2018:2158-1 (SUSE Linux Enterprise Server 12-SP3) ovmf-tools-2017+git1492060560.b6d11d7c46-4.9.4.x86_64.rpm | Linux
SUSE-SU-2018:2158-1 (SUSE Linux Enterprise Server 12-SP3) qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.9.4.noarch.rpm | Linux
SUSE-SU-2018:2683-1 (SUSE Linux Enterprise Desktop 12-SP3) compat-openssl098-debugsource-0.9.8j-106.6.1.x86_64.rpm | Linux
SUSE-SU-2018:2683-1 (SUSE Linux Enterprise Desktop 12-SP3) libopenssl0_9_8-0.9.8j-106.6.1.x86_64.rpm | Linux
SUSE-SU-2018:2683-1 (SUSE Linux Enterprise Desktop 12-SP3) libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64.rpm | Linux
SUSE-SU-2018:2683-1 (SUSE Linux Enterprise Desktop 12-SP3) libopenssl0_9_8-debuginfo-0.9.8j-106.6.1.x86_64.rpm | Linux
SUSE-SU-2018:2683-1 (SUSE Linux Enterprise Desktop 12-SP3) libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.6.1.x86_64.rpm | Linux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-1.0.2k-16.el7.x86_64.rpm | Linux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-devel-1.0.2k-16.el7.i686.rpm | Linux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-devel-1.0.2k-16.el7.x86_64.rpm | Linux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-libs-1.0.2k-16.el7.i686.rpm | Linux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-libs-1.0.2k-16.el7.x86_64.rpm | Linux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-perl-1.0.2k-16.el7.x86_64.rpm | Linux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-static-1.0.2k-16.el7.i686.rpm | Linux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-static-1.0.2k-16.el7.x86_64.rpm | Linux
Openssl update (ELSA-2019-2471) openssl-1.0.1e-58.0.1.el6_10.x86_64.rpm | Linux
Openssl-devel update (ELSA-2019-2471) openssl-devel-1.0.1e-58.0.1.el6_10.x86_64.rpm | Linux
Openssl-perl update (ELSA-2019-2471) openssl-perl-1.0.1e-58.0.1.el6_10.x86_64.rpm | Linux
Openssl-static update (ELSA-2019-2471) openssl-static-1.0.1e-58.0.1.el6_10.x86_64.rpm | Linux
Openssl update (ELSA-2019-2471) openssl-1.0.1e-58.0.1.el6_10.i686.rpm | Linux
Openssl-devel update (ELSA-2019-2471) openssl-devel-1.0.1e-58.0.1.el6_10.i686.rpm | Linux
Openssl-perl update (ELSA-2019-2471) openssl-perl-1.0.1e-58.0.1.el6_10.i686.rpm | Linux
Openssl-static update (ELSA-2019-2471) openssl-static-1.0.1e-58.0.1.el6_10.i686.rpm | Linux
Multiple vulnerabilities affected in Mysql 5.6.21 (For Linux) | Linux
Multiple vulnerabilities affected in Mysql 5.6.22 (For Linux) | Linux
Multiple vulnerabilities affected in Mysql 5.6.23 (For Linux) | Linux
Multiple vulnerabilities affected in Mysql 5.6.24 (For Linux) | Linux
Multiple vulnerabilities affected in Mysql 5.6.25 (For Linux) | Linux
Multiple vulnerabilities affected in Mysql 5.6.26 (For Linux) | Linux
Multiple vulnerabilities affected in Mysql 5.6.35 (For Linux) | Linux
Multiple vulnerabilities affected in Mysql 5.6.9 (For Linux) | Linux
(CESA-2018:3090) ovmf security, bug fix, and enhancement update OVMF-20180508-3.gitee3198e672e2.el7.noarch.rpm | Linux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-1.0.2k-16.el7.x86_64.rpm | Linux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-devel-1.0.2k-16.el7.i686.rpm | Linux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-devel-1.0.2k-16.el7.x86_64.rpm | Linux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-libs-1.0.2k-16.el7.i686.rpm | Linux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-libs-1.0.2k-16.el7.x86_64.rpm | Linux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-perl-1.0.2k-16.el7.x86_64.rpm | Linux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-static-1.0.2k-16.el7.i686.rpm | Linux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-static-1.0.2k-16.el7.x86_64.rpm | Linux
Uncontrolled Recursion Vulnerability (CVE-2018-0739) | NCM

Patch Details

Patches provided by ManageEngine for this CVE:
Patch ID | Patch Description
PATCH-319042 | Node.js 10 (10.24.1)
PATCH-332182 | Node.js 16 (x64) (16.20.2)
PATCH-332181 | Node.js 16 (16.20.2)
PATCH-310858 | Oracle VM VirtualBox (6.0.12)
PATCH-347137 | MySQL Workbench CE (x64) (8.0.42)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234