OpenSSL is a widely used cryptographic library. This vulnerability allows attackers to execute arbitrary code on your server by exploiting a buffer overflow in the SSLv3 protocol.
You're affected if you use OpenSSL versions prior to 1.0.2k-fips or 1.1.1h, which are vulnerable to the Heartbleed bug. Check with: openssl version
Note: This is not a new vulnerability in modern versions of OpenSSL (1.1.1 and later), but rather an unpatched vulnerability in older versions.
Upgrade to OpenSSL 1.0.2k-fips or later for the most secure version.
- For immediate mitigation, consider disabling SSLv3 protocol support until you can upgrade.
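
To confirm that SSLv3 is actually disabled in your web-server configuration, the following added example (not part of the original advisory) scans config text for nginx `ssl_protocols` and Apache `SSLProtocol` directives that still allow SSLv3. The function names and sample config lines are constructed for illustration, and treating Apache's `all` as including SSLv3 is a conservative assumption.

```shell
#!/bin/sh
# Added example: reads web-server config text on stdin and prints
# "<line number>: <directive>" for each line that leaves SSLv3 enabled.
find_sslv3_enabled() {
    awk '
    {
        line = $0
        sub(/#.*/, "", line)            # ignore comments
        sub(/^[ \t]+/, "", line)        # ignore indentation
        n = split(line, tok, /[ \t;]+/)
        if (n < 2) next
        directive = tolower(tok[1])
        enabled = 0
        if (directive == "ssl_protocols") {
            # nginx: a plain list of enabled protocols
            for (i = 2; i <= n; i++)
                if (tolower(tok[i]) == "sslv3") enabled = 1
        } else if (directive == "sslprotocol") {
            # Apache: tokens apply left to right; "-" removes, "+" or bare adds.
            # Assumption: "all" is treated as including SSLv3 (conservative);
            # its real meaning depends on the server and OpenSSL build.
            for (i = 2; i <= n; i++) {
                name = tolower(tok[i])
                minus = (substr(name, 1, 1) == "-")
                sub(/^[+-]/, "", name)
                if (name == "sslv3" || name == "all") enabled = !minus
            }
        } else next
        if (enabled) printf "%d: %s\n", NR, line
    }'
}

# Constructed sample configuration lines (not taken from a real server).
sample_config() {
    cat <<'EOF'
ssl_protocols SSLv3 TLSv1 TLSv1.2;
ssl_protocols TLSv1.2 TLSv1.3;
SSLProtocol all -SSLv3
SSLProtocol all -TLSv1
# ssl_protocols SSLv3;
EOF
}

sample_config | find_sslv3_enabled
```

On a real host, pipe the actual configuration files into `find_sslv3_enabled`; any line it prints still needs SSLv3 removed.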