Two high-severity vulnerabilities in the OpenSSL software library were disclosed on Thursday. The library is widely used to implement the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, which support encrypted network connections. The first flaw, a certificate check bypass (CVE-2021-3450), was introduced by code added in v1.1h to perform an additional validity check on certificates that use certain cryptographic parameters. The second flaw has the potential to let a maliciously crafted renegotiation ClientHello message crash an OpenSSL server.