OpenSSL recently announced updates to address a critical DoS issue linked to certificate parsing. The security hole, designated CVE-2022-0778, was discovered by Google vulnerability researcher Tavis Ormandy and reported to the OpenSSL Project.
The flaw affects OpenSSL versions 1.0.2, 1.1.1, and 3.0, and has been patched in versions 1.0.2zd (for premium support customers), 1.1.1n, and 3.0.2. Version 1.1.0 is also affected, but is deprecated and will not receive a fix.
CVE-2022-0778 is the second OpenSSL vulnerability to be patched in 2022; in January, a moderate-severity issue was addressed. In 2021, a total of eight issues were addressed, including three with a severity rating of “severe.”
Read More: Securityweek
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.