OpenSSL is a widely used cryptographic library. This vulnerability allows attackers to crash or execute arbitrary code on the system by manipulating uninitialized pointers.
You're affected if you use OpenSSL versions 1.1.1c and earlier, as well as 3.0.0-beta1 and later (due to a backport of the fix). Check the installed version with: openssl version
Note: This is not related to other OpenSSL vulnerabilities like CVE-2014-1769.
Upgrade to OpenSSL 3.0.2 or later.
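Added example (not part of the original advisory): a small checker that parses the output of `openssl version` and reports whether the installed build is below the 3.0.2 upgrade target stated above. The sample output strings are constructed; the 3.0.2 threshold comes from the page.

```python
import re
import subprocess

# Upgrade target named in the advisory above.
FIXED_VERSION = (3, 0, 2)


def parse_openssl_version(output):
    """Parse `openssl version` output into (major, minor, patch, letter).

    "OpenSSL 1.1.1c  28 May 2019" -> (1, 1, 1, "c")
    "OpenSSL 3.0.1 14 Dec 2021"   -> (3, 0, 1, "")
    A pre-release suffix such as "-beta1" is ignored for the numeric compare.
    """
    m = re.match(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)", output.strip())
    if not m:
        raise ValueError("unrecognised `openssl version` output: %r" % output)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))


def needs_upgrade(output, fixed=FIXED_VERSION):
    """True when the reported version is older than the fixed release."""
    major, minor, patch, _letter = parse_openssl_version(output)
    return (major, minor, patch) < fixed


def check_local_openssl(binary="openssl"):
    """Run the real `openssl version` and return (version line, needs_upgrade)."""
    out = subprocess.run([binary, "version"], capture_output=True,
                         text=True, check=True).stdout
    return out.strip(), needs_upgrade(out)


if __name__ == "__main__":
    # Constructed sample outputs covering the cases a scanner will meet.
    samples = (
        "OpenSSL 1.1.1c  28 May 2019",
        "OpenSSL 3.0.0-beta1 17 Jun 2021",
        "OpenSSL 3.0.1 14 Dec 2021",
        "OpenSSL 3.0.2 15 Mar 2022",
    )
    for sample in samples:
        print(sample, "->", "UPGRADE" if needs_upgrade(sample) else "ok")
```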
Maven: Update your pom.xml dependency version
Immediate mitigations:
- Disable the FIPS interface (if enabled) by setting OpenSSL's fips mode to "off"
- Use a secure configuration file (e.g., /etc/ssl/openssl.cnf)