PT-2018-1897 · OpenSSL+9
Published 2018-03-27 · Updated 2024-06-15
CVE-2018-0739
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 1.0.2b through 1.0.2n
OpenSSL versions 1.1.0 through 1.1.0g
MySQL Server versions 5.6.40 and earlier
MySQL Server versions 5.7.22 and earlier
MySQL Server versions 8.0.11 and earlier
Description
Constructed ASN.1 types with recursive definitions can cause a stack overflow when they are parsed from malicious input with excessive recursion, which could result in a denial-of-service attack. No such structures used within SSL/TLS come from untrusted sources, so SSL/TLS itself is considered safe. A remote attacker can exploit the vulnerability to cause a denial of service.
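The usual defence against this bug class is to carry a nesting counter through the decoder and refuse input before descending past a fixed depth. The sketch below is an added example, not OpenSSL's code and not part of this advisory; the function names, the cap of 30 and the sample input are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_NEST 30 /* assumed cap for this example, not taken from the page */

/* Walk definite-length DER in buf[0..len). Returns the deepest constructed
 * nesting level seen, or -1 if the input is malformed or exceeds MAX_NEST. */
static int der_depth(const unsigned char *buf, size_t len, int depth)
{
    int deepest = depth;
    size_t pos = 0;

    while (pos < len) {
        if (len - pos < 2) return -1;            /* need tag + length */
        unsigned char tag = buf[pos++];
        if ((tag & 0x1f) == 0x1f) return -1;     /* multi-byte tags unsupported */
        size_t clen = buf[pos++];
        if (clen & 0x80) {                       /* long-form length */
            size_t n = clen & 0x7f;
            if (n == 0 || n > 4 || n > len - pos) return -1; /* no indefinite */
            for (clen = 0; n > 0; n--) clen = (clen << 8) | buf[pos++];
        }
        if (clen > len - pos) return -1;         /* content overruns buffer */
        if (tag & 0x20) {                        /* constructed: descend */
            if (depth + 1 > MAX_NEST) return -1; /* refuse before recursing */
            int d = der_depth(buf + pos, clen, depth + 1);
            if (d < 0) return -1;
            if (d > deepest) deepest = d;
        }
        pos += clen;
    }
    return deepest;
}

/* Constructed sample: `levels` (1..64) SEQUENCEs nested inside each other. */
static size_t build_nested(unsigned char *out, int levels)
{
    for (int i = 0; i < levels; i++) {
        out[2 * i] = 0x30;
        out[2 * i + 1] = (unsigned char)(2 * (levels - 1 - i));
    }
    return (size_t)(2 * levels);
}

int main(void)
{
    unsigned char buf[128];
    for (int levels = 29; levels <= 31; levels++)
        printf("%d levels -> %d\n", levels,
               der_depth(buf, build_nested(buf, levels), 0));
    return 0;
}
```

Because the depth check runs before the recursive call, stack use is bounded by `MAX_NEST` frames regardless of what the input claims.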
Recommendations
For OpenSSL versions 1.0.2b through 1.0.2n, update to version 1.0.2o to resolve the issue.
For OpenSSL versions 1.1.0 through 1.1.0g, update to version 1.1.0h to resolve the issue.
For MySQL Server versions 5.6.40 and earlier, 5.7.22 and earlier, and 8.0.11 and earlier, update to a version later than the specified versions to resolve the issue.
As a temporary workaround, consider restricting the use of recursive ASN.1 types to minimize the risk of exploitation.
Fix
DoS
Resource Exhaustion
Uncontrolled Recursion
Related identifiers
Affected products
ALT Linux
CentOS
Huawei VRP
IBM AIX
MySQL Server
OpenSSL
Red Hat
SUSE
Ubuntu
VirtualBox