Category: IT|Mar 17, 2022 | Author: Admin

OpenSSL squarely rooted by cert parsing bug

LibreSSL issues patches as well.

A bug in the very popular open-source OpenSSL cryptography library can be abused to trigger an infinite loop, resulting in a denial-of-service condition, security researchers have found.

Google Project Zero security researchers David Benjamin and Tavis Ormandy discovered the bug and reported it to the OpenSSL project maintainers on February 25.

Rated as high severity, the bug can be triggered by a malicious digital certificate with invalid explicit curve parameters, OpenSSL said in its advisory.

"The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli," the OpenSSL Project said.

The advisory says the infinite loop can cause denial-of-service for TLS servers consuming client certificates; hosting providers taking certificates or private keys from customers; certificate authorities parsing certification requests from subscribers; and anything else which parses ASN.1 elliptic curve parameters.
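
The failure mode quoted above, as an added example that is not OpenSSL's code: a generic Tonelli-Shanks modular square root (the standard algorithm for this job, chosen here as an assumption since the page names none) in which every loop is bounded, so a non-prime modulus produces an error instead of a hang. The function names and the sample modulus 205 = 5 × 41 are constructed for illustration.

```python
# Added illustration (constructed): generic Tonelli-Shanks with bounded loops.
# This is not the source of OpenSSL's BN_mod_sqrt().

def squarings_until_one(b, n, limit):
    """Least i in [1, limit) with b**(2**i) % n == 1, or None if there is none."""
    t = b
    for i in range(1, limit):
        t = t * t % n
        if t == 1:
            return i
    return None


def mod_sqrt(a, p, max_candidates=128):
    """Return x with x*x % p == a % p; raise ValueError instead of hanging."""
    if p < 3 or p % 2 == 0:
        raise ValueError("modulus must be an odd prime")
    a %= p
    if a == 0:
        return 0
    q, e = p - 1, 0                      # p - 1 = q * 2**e with q odd
    while q % 2 == 0:
        q, e = q // 2, e + 1
    # Bounded search for y with y**((p-1)/2) == -1 (mod p).
    for y in range(2, min(p, 2 + max_candidates)):
        if pow(y, (p - 1) // 2, p) == p - 1:
            break
    else:
        raise ValueError("no non-residue found; modulus is probably not prime")
    z, x, b, r = pow(y, q, p), pow(a, (q + 1) // 2, p), pow(a, q, p), e
    while b != 1:
        # For prime p and square a, some i < r always exists. Searching
        # without the bound r is what never returns on a composite p.
        i = squarings_until_one(b, p, r)
        if i is None:
            raise ValueError("a is not a square, or modulus is not prime")
        c = pow(z, 1 << (r - i - 1), p)
        x, z = x * c % p, c * c % p
        b, r = b * z % p, i              # r strictly decreases, so this ends
    return x
```

For the composite modulus 205 and a = 4, repeated squaring cycles without ever reaching 1, which is why the search has to be bounded; callers that accept curve parameters from untrusted input should treat the resulting error as a parse failure.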

OpenSSL versions 1.0.2, 1.1.1, and 3.0 are affected by the bug. Users are advised to upgrade to 1.0.2zd (for premium extended support customers), 1.1.1n, and 3.0.2 respectively.

The LibreSSL cryptographic library, which is based on OpenSSL and maintained by OpenBSD, has also updated its software.

Versions 3.3.6, 3.4.3, and 3.5.1, patched against the infinite-loop denial of service condition, will appear on OpenBSD mirrors soon, LibreSSL maintainers advised.

Sources: itnews.com
