Updated: 2025-08-20 01:43:51.561306
Description:
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
Links: NIST | CIRCL | RHEL | Ubuntu

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 4.3 |
| CVSS Version 3.x | MEDIUM | 6.5 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | openssl | 3.0.7 | 6.5 | MEDIUM | Ignored | | 2025-09-09 10:43:02 | Deprioritize this issue because it is a denial-of-service only (no confidentiality or integrity ... |
| Alpine Linux 3.18 ELS | openssl | 3.1.8 | 6.5 | MEDIUM | Ignored | | 2025-09-09 10:43:02 | Ignored due to low severity |
| CentOS 6 ELS | openssl | 1.0.1e | 6.5 | MEDIUM | Released | CLSA-2021:1632262317 | 2022-05-05 12:01:46 | |
| CentOS 7 ELS | openssl | 1.0.2k | 6.5 | MEDIUM | Ignored | | 2025-09-09 10:43:01 | Ignored due to low severity |
| CentOS 8.4 ELS | openssl | 1.1.1g | 6.5 | MEDIUM | Ignored | | 2025-09-10 13:39:44 | Ignored due to low severity |
| CentOS 8.5 ELS | openssl | 1.1.1k | 6.5 | MEDIUM | Ignored | | 2025-09-10 13:39:43 | Ignored due to low severity |
| CentOS Stream 8 ELS | openssl | 1.1.1k | 6.5 | MEDIUM | Ignored | | 2025-09-10 13:39:45 | Ignored due to low severity |
| CloudLinux 6 ELS | openssl | 1.0.1e | 6.5 | MEDIUM | Released | | 2021-11-02 14:03:17 | |
| CloudLinux 7 ELS | openssl | 1.0.2k | 6.5 | MEDIUM | Ignored | | 2025-09-10 13:39:46 | Ignored due to low severity |
| Oracle Linux 6 ELS | openssl | 1.0.1e | 6.5 | MEDIUM | Not Vulnerable | CLSA-2021:1634922881 | 2021-11-02 14:03:17 | |