OpenSSL Patches Three New Vulnerabilities

12
OpenSSL Patches Three New Vulnerabilities

OpenSSL has announced the availability of patches for three new vulnerabilities, including one related to incorrect SSLv2 rollback protection and two that can be exploited for denial-of-service (DoS) attacks.

Google Project Zero researcher Tavis Ormandy reported the flaw to OpenSSL developers, and it has been patched. Researchers at cybersecurity firm Trustwave reported another low-severity issue – CVE-2021-23839, to the OpenSSL Project. They discovered that servers using OpenSSL 1.0.2 are vulnerable to SSL version rollback attacks.

To Read More:  SecurityWeek