New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers

Discussion in 'News Aggregator' started by Ravie Lakshmanan, 16 Mar 2022.

  1. The maintainers of OpenSSL have shipped patches to resolve a high-severity security flaw in its software library that could lead to a denial-of-service (DoS) condition when parsing certificates. Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue stems from parsing a malformed certificate with invalid explicit elliptic-curve parameters, resulting in what's called an "infinite loop." The flaw
