|Number of vulnerabilities||1|
|Public exploit||Public exploit code for vulnerability #1 is available.|
Server applications / Encryption software
|Vendor||OpenSSL Software Foundation|
This security bulletin contains one medium risk vulnerability.
Exploit availability: YesDescription
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the SSL_check_chain() function during or after a TLS 1.3 handshake. A remote attacker can send an invalid or unrecognised signature algorithm and perform a denial of service (DoS) attack.Mitigation
Install updates from vendor's website.Vulnerable software versions
OpenSSL: 1.1.1d - 1.1.1fCPE2.3
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?