OpenSSL Software Foundation

OpenSSL Software Foundation

A high-severity security flaw in the software library of OpenSSL was currently resolved in a security patch.

The bug if exploited could have led to a denial-of-service (DoS) condition when parsing certificates.

It could also be weaponized when TLS clients (or servers) access a rogue certificate from a malicious server (or client), or when certificate authorities parse certification requests from subscribers and could result to a denial-of-service attack.

Source: https://thehackernews.com/2022/03/new-infinite-loop-bug-in-openssl-could.html

TPRM report: https://scoringcyber.rankiteo.com/company/openssl-software-foundation

"id": "ope214316322",
"linkid": "openssl-software-foundation",
"type": "Vulnerability",
"date": "03/2022",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"
{'affected_entities': [{'industry': 'Information Technology',
                        'name': 'OpenSSL',
                        'type': 'Software Library'}],
 'attack_vector': ['Parsing certificates',
                   'Accessing a rogue certificate from a malicious server or '
                   'client',
                   'Parsing certification requests from subscribers'],
 'description': 'A high-severity security flaw in the software library of '
                'OpenSSL was currently resolved in a security patch. The bug '
                'if exploited could have led to a denial-of-service (DoS) '
                'condition when parsing certificates. It could also be '
                'weaponized when TLS clients (or servers) access a rogue '
                'certificate from a malicious server (or client), or when '
                'certificate authorities parse certification requests from '
                'subscribers and could result to a denial-of-service attack.',
 'response': {'remediation_measures': 'Security patch released'},
 'title': 'High-Severity Security Flaw in OpenSSL',
 'type': 'Vulnerability',
 'vulnerability_exploited': 'Denial-of-Service (DoS) condition'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.