
Impacts clients, or servers that have explicitly enabled clientĪuthentication. The impact on TLS is relatively low, because all versions of OpenSSL have aġ00KiB limit on the peer's certificate chain. It also impacts anything that processes X.509Ĭertificates, including simple things like verifying its signature. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,ĬMS, CMP/CRMF or TS. Of display, the severity is considered low. Applications that call OBJ_obj2txt() directly with untrusted data areĪffected, with any version of OpenSSL. What cryptographic algorithm should be used to sign or verify, encrypt orĭecrypt, or digest passed data. Such OBJECT IDENTIFIERs may be received through the ASN.1 structureĪlgorithmIdentifier, which is commonly used in multiple protocols to specify IDENTIFIERs in canonical numeric text form as identifiers for fetchingĪlgorithms. Identifiers in string form was introduced. With OpenSSL 3.0, support to fetch cryptographic algorithms using names /

The time complexity is O(n^2) with 'n' being the size of the Of KiBs), the translation to a decimal number in text may take a very long (these are sizes that are seen as absurdly large, taking up tens or hundreds When one of the sub-identifiers in the OBJECT IDENTIFIER is very large Sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by Type ASN1_OBJECT) to its canonical numeric text form, which are the OBJ_obj2txt() may be used to translateĪn ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL
KALI LINUX VERSIONS 1.1.0A SERIES
An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers. Messages, which may lead to a Denial of Service. Size limit may experience notable to very long delays when processing those The OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message


Impact summary: Applications that use OBJ_obj2txt() directly, or use any of
KALI LINUX VERSIONS 1.1.0A SOFTWARE
Extended support is available for 1.0.2 from OpenSSL Software Services for premium support customers. Note: All OpenSSL versions before 1.1.1 are out of support and no longer receiving updates. If you think you have found a security bug in OpenSSL, please report it to us.
