The OpenSSL Project released a significant security update to fix at least eight known security flaws that put users at risk from malicious hacker attacks.
The most serious flaw, a type confusion problem identified as CVE-2023-0286, may allow an attacker to pass any pointer to a memcmp call, allowing them to read the contents of memory or run denial-of-service exploits. The flaw was given a high severity rating by the OpenSSL maintainers, who also note that it is most likely to only affect programs that have built-in network functionality for retrieving CRLs.
OpenSSL versions 3.0, 1.1.1, and 1.0.2 users are urged to upgrade as soon as they become available. The open-source project also listed seven moderately serious problems that must be fixed immediately.
Read More: OpenSSL Ships Patch for High-Severity Flaws
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.