CVE-2018-0739 in Fujitsu M10-1info

Summary

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

11/30/2017

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
179253	Oracle Fujitsu M10-1 OpenSSL denial of service	404	Not defined	Official fix	CVE-2018-0739
125652	Oracle OSS Support Tools OpenSSL resource consumption	400	Not defined	Official fix	CVE-2018-0739
125572	Oracle PeopleSoft Enterprise PeopleTools OpenSSL resource consumption	400	Not defined	Official fix	CVE-2018-0739
125530	Oracle JD Edwards EnterpriseOne Tools Enterprise Infrastructure resource consumption	400	Not defined	Official fix	CVE-2018-0739
125473	Oracle Endeca Server Product Code resource consumption	400	Not defined	Official fix	CVE-2018-0739
125416	Oracle Enterprise Manager Base Platform Discovery resource consumption	400	Not defined	Official fix	CVE-2018-0739
121897	Oracle Secure Global Desktop OpenSSL resource consumption	400	Not defined	Official fix	CVE-2018-0739
121881	Oracle Transportation Management Install resource consumption	400	Not defined	Official fix	CVE-2018-0739
121880	Oracle Agile Engineering Data Management Install resource consumption	400	Not defined	Official fix	CVE-2018-0739
121807	Oracle PeopleSoft Enterprise PeopleTools Security resource consumption	400	Not defined	Official fix	CVE-2018-0739
121782	Oracle MySQL Workbench resource consumption	400	Not defined	Official fix	CVE-2018-0739
121780	Oracle MySQL Server Installing resource consumption	400	Not defined	Official fix	CVE-2018-0739
121776	Oracle MySQL Enterprise Monitor Monitoring resource consumption	400	Not defined	Official fix	CVE-2018-0739
121775	Oracle MySQL Connectors Connector/ODBC resource consumption	400	Not defined	Official fix	CVE-2018-0739
121715	Oracle Tuxedo OpenSSL resource consumption	400	Not defined	Official fix	CVE-2018-0739
121713	Oracle API Gateway resource consumption	400	Not defined	Official fix	CVE-2018-0739
121624	Oracle Enterprise Manager Ops Center Networking resource consumption	400	Not defined	Official fix	CVE-2018-0739
121580	Oracle Communications Network Charging/Control resource consumption	400	Not defined	Official fix	CVE-2018-0739
116841	Oracle VM VirtualBox Core resource consumption	400	Not defined	Official fix	CVE-2018-0739
115113	OpenSSL ASN.1 resource consumption	400	Not defined	Official fix	CVE-2018-0739

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!