Three New Vulnerabilities Patched in OpenSSL


OpenSSL updates patch new vulnerabilities

The OpenSSL Project on Tuesday announced the availability of patches for three vulnerabilities, including two that can be exploited for denial-of-service (DoS) attacks and one related to incorrect SSLv2 rollback protection.

The most serious of the vulnerabilities, with a severity rating of moderate, is CVE-2021-23841, a NULL pointer dereference issue that can result in a crash and a DoS condition. The security hole is related to a function (X509_issuer_and_serial_hash) that is never called directly by OpenSSL itself, which means it only impacts applications that use the function directly with certificates obtained from untrusted sources.

Read more…