OpenSSL has announced the availability of patches for three new vulnerabilities, including one related to incorrect SSLv2 rollback protection and two that can be exploited for denial-of-service (DoS) attacks.
Google Project Zero researcher Tavis Ormandy reported the flaw to OpenSSL developers, and it has been patched. Researchers at cybersecurity firm Trustwave reported another low-severity issue, CVE-2021-23839, to the OpenSSL Project. They discovered that servers using OpenSSL 1.0.2 are vulnerable to SSL version rollback attacks.
To Read More: SecurityWeek