This New OpenSSL Bug Could Bring Down Any Web Server

A serious bug in OpenSSL allows you to block servers

This bug has been rated as high severity and affects the OpenSSL software library. has received a CVSS score of 7.5 and it is capable of allowing an attacker to carry out denial of service or DoS attacks when analyzing certificates. This type of problem is called an infinite loop. The bug is specifically present in a function called BN_mod_sqrt().

The error has been logged as CVE-2022-0778 and could cause many servers to be out of service remotely. The security researchers behind this discovery indicate that certificate parsing is performed before certificate signature verification. This makes any process that parses an externally provided certificate potentially subject to a denial of service attack.

Keep in mind that this is not the first vulnerability to affect OpenSSL so far this year. A little over a month ago there was another registered as CVE-2022-0778, but on that occasion it was rated as moderate in severity, with a CVSS score of 5.9, so it was not as important as the one we are talking about now.

OpenSSL failure

available solution

This serious flaw that affects OpenSSL and allows to block servers remotely affects the versions 1.0.2, 1.1.1 and 3.0. Those responsible for the project quickly got down to work to launch a solution as soon as possible. In this way, they released versions 1.0.2zd (available for Premium support customers), 1.1.1n and 3.0.2

The problem is that version 1.1.0 is also affected, but it will not receive any updates as it has reached the end of its useful life. However, there may be many users who still use it and have not switched to more recent ones.

Security researchers have indicated that there is no evidence that this serious vulnerability has been exploited. However, they warn that there are different scenarios in which it can become a major problem and that is why it is convenient update as soon as possible and avoid problems.

Once again, the importance of always having the latest versions available. It is essential to install any update or patch that appears for a certain operating system, program that we use or driver. In this way you can avoid vulnerabilities that could be exploited by a hacker and compromise your personal information and the proper functioning of the equipment.

There are options to check SSL TLS certificates and vulnerabilities on websites. This will also help you know when a page may have a certificate-related problem and find a solution as soon as possible.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *