OpenSSL Ships ‘High Severity’ Security Patch
2020-12-08 15:47

The OpenSSL Project today warned that the widely deployed TLS/SSL toolkit is vulnerable to a serious security flaw that exposes users to denial-of-service attacks.

According to an alert from the open-source group, the problem is caused by a specific function that "behaves incorrectly" if an attacker successfully triggers certain conditions.

OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not.

1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate.

If an attacker can control both items being compared then that attacker could trigger a crash.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/s_PVqZDOztc/openssl-ships-%E2%80%98high-severity%E2%80%99-security-patch

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Openssl 2 12 92 51 16 171