Uninitialized Pointer Dereference in OpenSSL

UNKNOWN No Patch (2837 days)

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

OpenSSL is a widely used cryptographic library. In the affected versions, a code path in OpenSSL's SSL/TLS implementation dereferences a pointer that was never initialized. A remote attacker who can reach that code path causes the process to crash with a segmentation fault, i.e. a denial of service against the server. Because the dereferenced value is whatever happened to be in memory, arbitrary code execution on the server cannot be ruled out, but no public exploit is known.

Am I affected?

You're affected if you use OpenSSL 1.1.1k or earlier; the advisory does not state the earliest affected release. Check the installed version with: openssl version
Note: the flaw is in the OpenSSL library itself, not in the TLS protocol, so negotiating TLS 1.3 does not by itself avoid it. Major browsers are not affected because they do not use OpenSSL for their TLS stacks.
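As an added example (not the page's own material and not code from the OpenSSL project), the following POSIX shell script parses `openssl version` output and compares it against 1.1.1l, the first release the page names as fixed. It reads "1.1.1k and earlier" literally, so any release that sorts before 1.1.1l, including 1.0.2 and unlettered 1.1.1, is reported as affected; since the page does not say where the affected range starts, that is an assumption. The sample version lines in the script are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example: compare an `openssl version` line against OpenSSL 1.1.1l,
# the first release the advisory names as fixed. Not code from the OpenSSL
# project. Assumption: "1.1.1k and earlier" is read literally, so every
# release that sorts before 1.1.1l is reported as affected.

# Extract the version token ("1.1.1k", "3.0.2") from an `openssl version` line.
# Prints nothing for output that does not start with "OpenSSL " (e.g. LibreSSL).
openssl_version_token() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p'
}

# Map "MAJOR.MINOR.PATCH[letter]" to an integer that sorts like OpenSSL's
# release order: 1.1.1 < 1.1.1a < ... < 1.1.1k < 1.1.1l, and 1.x < 3.x.
# Returns 1 if the token is not in that form.
openssl_version_rank() {
    key=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\)\([a-z]\{0,1\}\).*/\1 \2 \3 \4/p')
    [ -n "$key" ] || return 1
    set -- $key                 # $1=major $2=minor $3=patch $4=letter (may be empty)
    letter=0
    if [ -n "${4:-}" ]; then
        letter=$(( $(printf '%d' "'$4") - 96 ))   # 'a' -> 1 ... 'z' -> 26
    fi
    echo $(( $1 * 1000000 + $2 * 10000 + $3 * 100 + letter ))
}

FIXED_RANK=$(openssl_version_rank 1.1.1l)

# Classify a full `openssl version` line. Prints one of:
#   affected      - sorts before 1.1.1l
#   not-affected  - 1.1.1l or later (any series)
#   unparseable   - not an "OpenSSL x.y.z" line
openssl_status() {
    ver=$(openssl_version_token "$1")
    rank=$(openssl_version_rank "$ver") || { echo unparseable; return 0; }
    if [ "$rank" -lt "$FIXED_RANK" ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Constructed sample lines in the format `openssl version` prints; not captured
# from any real host.
for line in 'OpenSSL 1.1.1k  25 Mar 2021' \
            'OpenSSL 1.1.1l  24 Aug 2021' \
            'OpenSSL 3.0.2 15 Mar 2022' \
            'LibreSSL 3.3.6'; do
    printf '%-32s %s\n' "$line" "$(openssl_status "$line")"
done

# The CLI installed on this machine, if there is one.
if command -v openssl >/dev/null 2>&1; then
    local_line=$(openssl version)
    printf '%-32s %s\n' "$local_line" "$(openssl_status "$local_line")"
fi
```

Two caveats when using this: the `openssl` binary can be a different build from the libssl an application actually links (check the library the process has loaded, not just the CLI), and distributions such as Debian and Red Hat backport security fixes without bumping the upstream version string, so a reported 1.1.1k may already carry the fix; confirm against the vendor's package changelog before treating a version match as proof of exposure.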

Affected Packages

maven: org.mindrot.jbcrypt

Affected Products

OpenSSL Project / OpenSSL

How to fix

- Upgrade to OpenSSL 1.1.1l or later.
- If you cannot upgrade, see the entry on the OpenSSL project's vulnerabilities page for the corresponding fix: https://www.openssl.org/news/vulnerabilities.html#vuln-2022-4200
- On distributions that backport fixes, the reported version may remain 1.1.1k after the fix is applied; check the vendor's package changelog rather than the version string alone.