Uninitialized Pointer Dereference in OpenSSL

UNKNOWN No Patch (2837 days)

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

OpenSSL is a widely used cryptographic library. This vulnerability allows attackers to cause a segmentation fault by manipulating the OpenSSL buffer size, potentially leading to code execution.

Am I affected?

You're affected if you use OpenSSL versions 1.0.2k-fossil-softened or earlier (not specified in advisory). Check with: grep -qE 'OPENSSL_1_0_X' /etc/ssl/openssl.cnf
Or in OpenSSL: openssl version
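
Added example (not part of the advisory or of the OpenSSL project): a shell check that compares the banner printed by openssl version with the fixed release 1.1.1l named under "How to fix", including OpenSSL's letter-suffixed releases. The function names and status strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare an "openssl version" banner with the fixed release.
FIXED="1.1.1l"   # fixed release as stated under "How to fix"

# openssl_version_lt A B -> exit 0 if A < B, 1 if A >= B, 2 if unparseable.
# Handles pre-3.0 letter releases: 1.1.1 < 1.1.1a < 1.1.1z < 1.1.1za.
openssl_version_lt() {
    awk -v a="$1" -v b="$2" '
    function key(v,    p, n, num, suf) {
        sub(/^OpenSSL /, "", v)      # drop the banner prefix
        sub(/[ -].*$/, "", v)        # drop build date and tags such as "-fips"
        n = split(v, p, ".")
        if (n != 3) return ""
        num = p[3]; sub(/[a-z]*$/, "", num)      # numeric part of third field
        suf = substr(p[3], length(num) + 1)      # letter suffix, may be empty
        if (p[1] !~ /^[0-9]+$/ || p[2] !~ /^[0-9]+$/ || num !~ /^[0-9]+$/)
            return ""
        # zero-padded numbers, then suffix length, then suffix: string-sortable
        return sprintf("v%05d%05d%05d%d%s", p[1], p[2], num, length(suf), suf)
    }
    BEGIN {
        ka = key(a); kb = key(b)
        if (ka == "" || kb == "") exit 2
        exit ((ka < kb) ? 0 : 1)
    }'
}

# classify_openssl [BANNER] -> prints upgrade-needed | at-or-above-fixed | unknown
# With no argument it inspects the local openssl binary.
classify_openssl() {
    banner=${1:-$(openssl version 2>/dev/null || true)}
    rc=0
    openssl_version_lt "$banner" "$FIXED" || rc=$?
    case $rc in
        0) echo "upgrade-needed" ;;
        1) echo "at-or-above-fixed" ;;
        *) echo "unknown" ;;     # e.g. a non-OpenSSL banner or no binary found
    esac
}

classify_openssl "$@"
```

Distribution packages often backport fixes without changing the upstream version string, so treat the result as a first-pass signal and confirm against the vendor's package changelog.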

Affected Packages

maven: org.openssl:openssl

Affected Products

OpenSSL Project / OpenSSL

How to fix

To fix this vulnerability, upgrade to OpenSSL 1.1.1l or later.
For immediate mitigation:
- Disable the vulnerable SSLv2 protocol (openssl s_client -connect example.com:443 -proto tlsv1)
- Use a secure cipher suite (openssl s_client -connect example.com:443 -cipher TLSv1.3)