A high-severity security flaw in the OpenSSL software library has now been resolved in a security patch.
If exploited, the bug could have led to a denial-of-service (DoS) condition when parsing certificates.
It could also be weaponized when TLS clients (or servers) access a rogue certificate from a malicious server (or client), or when certificate authorities parse certification requests from subscribers, and could result in a denial-of-service attack.
Source: https://thehackernews.com/2022/03/new-infinite-loop-bug-in-openssl-could.html
TPRM report: https://scoringcyber.rankiteo.com/company/openssl-software-foundation
"id": "ope214316322",
"linkid": "openssl-software-foundation",
"type": "Vulnerability",
"date": "03/2022",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"
{'affected_entities': [{'industry': 'Information Technology',
'name': 'OpenSSL',
'type': 'Software Library'}],
'attack_vector': ['Parsing certificates',
'Accessing a rogue certificate from a malicious server or '
'client',
'Parsing certification requests from subscribers'],
'description': 'A high-severity security flaw in the software library of '
'OpenSSL was currently resolved in a security patch. The bug '
'if exploited could have led to a denial-of-service (DoS) '
'condition when parsing certificates. It could also be '
'weaponized when TLS clients (or servers) access a rogue '
'certificate from a malicious server (or client), or when '
'certificate authorities parse certification requests from '
'subscribers and could result to a denial-of-service attack.',
'response': {'remediation_measures': 'Security patch released'},
'title': 'High-Severity Security Flaw in OpenSSL',
'type': 'Vulnerability',
'vulnerability_exploited': 'Denial-of-Service (DoS) condition'}