OpenSSL encryption library developer Open SSL Project has issued a patch to correct two high-severity vulnerabilities that could enable remote code execution or website crashes.
One flaw originally categorized as critical and now designated as "high" with the patch is an arbitrary 4-byte stacker overflow.
OpenSSL said it was currently unaware of any working exploit that could allow remote code execution, and had no evidence of exploitation.
The second bug could enable hackers to crash sites by sending emails with malicious certificates.
The flaws solely impact OpenSSL versions 3 and above, and OpenSSL recommended that users upgrade to version 3.0.7 "as soon as possible."
From USA Today
View Full Article
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA
No entries found