OpenSSL is a widely used cryptographic library. The vulnerability described here lets an attacker make OpenSSL dereference an uninitialized pointer, which in practice crashes the process with a segmentation fault and takes down whatever daemon links the library (a denial of service). Arbitrary code execution is the worst case and would require the attacker to influence the uninitialized value; treat the practical impact as a crash unless the upstream advisory for the specific issue says otherwise.
You are affected if you run OpenSSL 1.1.1k or earlier (the range as stated also covers the older 1.0.2 and 1.1.0 series), or any 3.0.x release before 3.0.7.
Check the command-line tool with: openssl version
The library an application actually links can differ from the CLI. Find it with ldd on the binary and ask the package manager what is installed (dpkg -l 'libssl*' on Debian/Ubuntu, rpm -q openssl openssl-libs on RHEL/Fedora). Software that bundles its own copy must be checked separately: python3 -c 'import ssl; print(ssl.OPENSSL_VERSION)' for Python, node -p process.versions.openssl for Node.js, and each container image individually. Do not grep /etc/ssl/openssl.cnf for the version: that file is configuration and does not record which library is installed.
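The version checks above leave the reader to compare strings by hand, which is where mistakes such as treating 1.1.1k as newer than 1.1.1l, or reading a LibreSSL version as an OpenSSL one, creep in. The script below is an added example, not code from the original advisory or from the OpenSSL project: it classifies a version string against the two ranges stated on this page and, with no argument, classifies the openssl binary on PATH. The function names are my own choices.

```sh
#!/bin/sh
# Added example (not OpenSSL project code): classify an OpenSSL version
# string against the affected ranges stated in this advisory:
#   - 1.1.1k and earlier (including the older 1.0.2 / 1.1.0 series)
#   - 3.0.x before 3.0.7
# Distribution packages that backport the fix keep the old version number,
# so read "affected" as "check the package changelog", not as proof.

# Print "affected", "fixed" or "unknown" for a version such as 1.1.1k or 3.0.6.
classify_openssl_version() {
    v=$1
    case $v in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    # Split the numeric core from any trailing letter (1.1.1k -> 1 1 1 k);
    # suffixes such as -fips or -dev are ignored.
    core=$(printf '%s' "$v" | sed -E 's/^([0-9]+\.[0-9]+\.[0-9]+).*/\1/')
    letter=$(printf '%s' "$v" | sed -E 's/^[0-9]+\.[0-9]+\.[0-9]+([a-z]?).*/\1/')
    major=${core%%.*}
    rest=${core#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    if [ "$major" -lt 1 ]; then
        echo affected; return 0
    fi
    if [ "$major" -eq 1 ]; then
        # Everything below 1.1.1 falls in the "and earlier" range.
        if [ "$minor" -lt 1 ] || { [ "$minor" -eq 1 ] && [ "$patch" -lt 1 ]; }; then
            echo affected; return 0
        fi
        if [ "$minor" -eq 1 ] && [ "$patch" -eq 1 ]; then
            # 1.1.1 (no letter) through 1.1.1k are affected; 1.1.1l onwards are fixed.
            case $letter in
                ""|[a-k]) echo affected ;;
                *)        echo fixed ;;
            esac
            return 0
        fi
        echo fixed; return 0    # anything else on the 1.x line is past the range
    fi
    if [ "$major" -eq 3 ] && [ "$minor" -eq 0 ] && [ "$patch" -lt 7 ]; then
        echo affected; return 0
    fi
    echo fixed
}

# Classify the openssl binary on PATH. Forks such as LibreSSL print their own
# name and version scheme, which this advisory's ranges do not cover.
check_installed_openssl() {
    set -- $(openssl version 2>/dev/null)   # e.g. "OpenSSL 1.1.1k  25 Mar 2021"
    if [ "$1" != "OpenSSL" ]; then
        echo "not OpenSSL (${1:-no openssl binary found}); this advisory does not apply as-is"
        return 0
    fi
    printf 'OpenSSL %s: %s\n' "$2" "$(classify_openssl_version "$2")"
}

# Usage: sh check_openssl.sh [version]
if [ $# -gt 0 ]; then
    classify_openssl_version "$1"
elif command -v openssl >/dev/null 2>&1; then
    check_installed_openssl
fi
```

Run it once per host and once inside each container image; for applications that bundle OpenSSL, feed the version they report (for example the output of the python3 or node one-liners above) as the argument.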
This is an OpenSSL issue only. Forks and alternative TLS libraries such as LibreSSL, BoringSSL and GnuTLS have their own code bases and their own version numbering, so the version ranges above do not map onto them; a system whose openssl binary reports LibreSSL is not covered by this advisory.
Upgrade to 1.1.1l or later on the 1.1.1 branch, or to 3.0.7 or later on the 3.0 branch. Both are available from most distribution package managers, but distributions often backport the fix while keeping the old version number, so check the package changelog rather than the bare version string. After upgrading, restart every process that has the old library mapped (needrestart or lsof on the old libssl/libcrypto objects will list them); a running daemon keeps using the vulnerable copy until it is restarted. Note that 1.1.1 reached end of life in September 2023 and no longer receives security fixes, so plan a move to 3.x rather than stopping at 1.1.1l.
- There is no configuration workaround given for this issue; the fix is the upgrade. In particular, do not run a command of the form echo "protocol = TLSv1.2" > /etc/ssl/openssl.cnf: it overwrites the entire system OpenSSL configuration with a single line, and protocol is not a recognised directive. Restricting protocol versions is reasonable general hardening, but it only mitigates this bug if the vulnerable code path is reachable solely through the older protocols, which nothing here establishes. If you do want a TLS 1.2 floor, set MinProtocol = TLSv1.2 in the system_default section of openssl.cnf (supported by 1.1.1 and 3.x), and until the upgrade lands, limit which untrusted peers can reach the affected service.
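The protocol floor done the supported way, as an added example that is not part of the original advisory and not OpenSSL project code. The top-level openssl_conf key must appear in the unnamed default section at the top of /etc/ssl/openssl.cnf before any [section] header; the other section names are conventional choices and can be anything as long as each reference matches. Merge these sections into the existing file (Debian and Fedora 3.x configs already carry an openssl_conf line and an init section), rather than replacing the file.

```ini
# Added example: library-wide minimum protocol for OpenSSL 1.1.1 / 3.x.
# Merge into the existing /etc/ssl/openssl.cnf; do not overwrite the file.
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2
```

This is hardening, not a fix for the uninitialized pointer dereference. To confirm it took effect, openssl s_client -tls1_1 -connect host:443 should now fail on the client side with a "no protocols available" error, and applications that explicitly set their own minimum version are not affected by the system default.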