OpenSSL is a widely used cryptographic library. This vulnerability allows attackers to crash or execute arbitrary code on the server by manipulating the OpenSSL library's memory management.
You're affected if you use OpenSSL versions 1.0.2k-fossil-softened, 1.1.1h, and 3.0.7. Check with: openssl version
Note: This is a general vulnerability that affects many systems, including Linux, Windows, and macOS.
To fix this issue:
- Upgrade to OpenSSL 3.0.8 or later.
- For immediate mitigations on affected versions:
  - Disable the use of the FIPS interface (openssl conf -fips no)
  - Use a secure configuration file (openssl conf -config
  - Apply a patch from the OpenSSL project's advisory
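
A fleet-side version check for the lists above, as an added example that is not part of the original page or of OpenSSL's own tooling: it classifies openssl version banners against the page's affected versions and its 3.0.8 fix release. The function names, result labels and sample banners are constructed for this example, and versions the page does not mention are reported as unlisted rather than guessed.

```shell
#!/bin/sh
# Added example: classify `openssl version` banners against this page's lists.
AFFECTED_VERSIONS="1.0.2k-fossil-softened 1.1.1h 3.0.7"  # copied from the page
FIXED_MIN="3.0.8"                                         # copied from the page

# version_ge A B: succeed when A >= B, comparing three numeric dotted fields.
version_ge() {
    va=$1; vb=$2
    for n in 1 2 3; do
        fa=${va%%.*}; fb=${vb%%.*}
        fa=${fa%%[!0-9]*}; fb=${fb%%[!0-9]*}   # drop suffixes such as "h"
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 1
        case $va in *.*) va=${va#*.} ;; *) va=0 ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb=0 ;; esac
    done
    return 0
}

# classify_openssl BANNER: print affected | fixed | unlisted | not-openssl.
# These labels are this example's own (assumption), not terms from the page.
classify_openssl() {
    case $1 in
        "OpenSSL "*) ;;
        *) echo "not-openssl"; return 0 ;;   # e.g. LibreSSL banners
    esac
    ver=${1#OpenSSL }
    ver=${ver%% *}                           # version token, e.g. 1.1.1h
    for bad in $AFFECTED_VERSIONS; do
        if [ "$ver" = "$bad" ]; then echo "affected"; return 0; fi
    done
    if version_ge "$ver" "$FIXED_MIN"; then
        echo "fixed"                         # at or above the page's fix release
    else
        echo "unlisted"                      # the page does not say either way
    fi
}

# Constructed sample banners, so the script runs without OpenSSL installed.
while IFS= read -r banner; do
    printf '%-12s %s\n' "$(classify_openssl "$banner")" "$banner"
done <<'EOF'
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
OpenSSL 1.1.1h  22 Sep 2020
OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)
OpenSSL 3.0.2 15 Mar 2022
LibreSSL 3.3.6
EOF
```

To check a live host, pass the real banner: classify_openssl "$(openssl version)".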