Sign In

Communications of the ACM

ACM TechNews

OpenSSL Patches High Vulnerabilities

View as: Print Mobile App Share:
Pixelized tools.

Organizations should determine which of their applications and servers may be impacted, and deploy the patches as soon as possible.

Credit: Pashaignatov/Getty Images

OpenSSL encryption library developer Open SSL Project has issued a patch to correct two high-severity vulnerabilities that could enable remote code execution or website crashes.

One flaw originally categorized as critical and now designated as "high" with the patch is an arbitrary 4-byte stacker overflow.

OpenSSL said it was currently unaware of any working exploit that could allow remote code execution, and had no evidence of exploitation.

The second bug could enable hackers to crash sites by sending emails with malicious certificates.

The flaws solely impact OpenSSL versions 3 and above, and OpenSSL recommended that users upgrade to version 3.0.7 "as soon as possible."

From USA Today
View Full Article


Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account