Mar 17, 2022

OpenSSL squarely rooted by cert parsing bug

LibreSSL issues patches as well.

A bug in the very popular open-source OpenSSL cryptography library can be abused to trigger an infinite loop, resulting in a denial-of-service condition, security researchers have found.

Google Project Zero security researchers David Benjamin and Tavis Ormandy discovered the bug and reported it to the OpenSSL project maintainers on February 25.

 

Rated as high severity, the bug can be triggered by a malicious digital certificate with invalid explicit curve parameters, OpenSSL said in its advisory.

 

"The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli," the OpenSSL Project said.

 

The advisory says the infinite loop can cause denial-of-service for TLS servers consuming client certificates; hosting providers taking certificates or private keys from customers; certificate authorities parsing certification requests from subscribers; and anything else which parses ASN.1 elliptic curve parameters.
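Since the advisory ties the trigger to explicit curve parameters, one triage step while patching is to flag DER-encoded keys and certificates that carry explicit EC parameters instead of a named curve. The sketch below is an added example, not code from OpenSSL or the advisory; the function names and the sample blobs are constructed for illustration, and it only inspects the parameters that follow an id-ecPublicKey algorithm OID.

```python
EC_PUBKEY_OID = bytes.fromhex("2a8648ce3d0201")  # id-ecPublicKey, 1.2.840.10045.2.1
KINDS = {0x06: "named", 0x30: "explicit", 0x05: "implicit"}

def read_tlv(buf, pos, end):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > end or buf[pos] & 0x1F == 0x1F:
        raise ValueError("truncated element or unsupported multi-byte tag")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long-form length: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("unsupported or truncated DER length")
        first = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + first > end:
        raise ValueError("element runs past its container")
    return tag, pos, pos + first

def ec_param_kinds(der, start=0, end=None, depth=0):
    """List the parameter form found after each id-ecPublicKey OID, in order."""
    end = len(der) if end is None else end
    if depth > 32:
        raise ValueError("DER nesting too deep")
    found, pos, after_ec_oid = [], start, False
    while pos < end:
        tag, vs, ve = read_tlv(der, pos, end)
        if after_ec_oid:  # this element is the AlgorithmIdentifier parameters
            found.append(KINDS.get(tag, "unknown"))
        after_ec_oid = tag == 0x06 and der[vs:ve] == EC_PUBKEY_OID
        if tag & 0x20:  # constructed: descend into SEQUENCE / SET / [n]
            found += ec_param_kinds(der, vs, ve, depth + 1)
        pos = ve
    return found

# Constructed samples (not real keys): minimal SubjectPublicKeyInfo shells.
def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form lengths only

_ALG = tlv(0x06, EC_PUBKEY_OID)
_POINT = tlv(0x03, b"\x00\x04" + bytes(64))  # placeholder public point
NAMED_SPKI = tlv(0x30, tlv(0x30, _ALG + tlv(0x06, bytes.fromhex("2a8648ce3d030107"))) + _POINT)
EXPLICIT_SPKI = tlv(0x30, tlv(0x30, _ALG + tlv(0x30, tlv(0x02, b"\x01"))) + _POINT)

if __name__ == "__main__":
    for name, blob in (("named", NAMED_SPKI), ("explicit", EXPLICIT_SPKI)):
        print(name, ec_param_kinds(blob))
```

A result containing "explicit" marks input worth holding back from an unpatched parser; PEM input has to be base64-decoded to DER first.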

 

OpenSSL versions 1.0.2, 1.1.1, and 3.0 are affected by the bug, and users are advised to upgrade to versions 1.0.2zd (for premium extended support customers), 1.1.1n, and 3.0.2 respectively.

 

The LibreSSL cryptographic library, which is based on OpenSSL and maintained by OpenBSD, has also updated its software.

 

Versions 3.3.6, 3.4.3, and 3.5.1, patched against the infinite-loop denial of service condition, will appear on OpenBSD mirrors soon, LibreSSL maintainers advised.
