A security hole has been found in OpenSSL and has now been fixed. If exploited, the vulnerability could cause a service outage by crashing the exposed server.
OpenSSL has issued a security update to address a flaw in its library, which, if exploited, would result in Denial of Service (DoS) conditions and remote server crashes.
A vulnerability of this kind in OpenSSL is a severe issue, primarily because OpenSSL is one of the best-known open-source encryption toolkits, used to secure SSL/TLS (Secure Sockets Layer and Transport Layer Security) communications that provide certificates and encrypted communication for online platforms. As a result, any flaw in the library has a significant impact.
The problem encountered in OpenSSL
The problem, tracked as CVE-2022-0778 (CVSS score: 7.5), is a flaw in the parsing of certificates with invalid explicit elliptic curve parameters, and it resides in a function called “BN_mod_sqrt”. The function is often used to compute square roots modulo n during certificate parsing.
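A defender-side check related to the description above, as an added example that is not part of the original article and is not OpenSSL code: it reads a DER-encoded SubjectPublicKeyInfo and reports whether an EC key names its curve or carries explicit curve parameters, the certificate form this flaw concerns. The function names and the sample keys are constructed for illustration.

```python
# Added example (not OpenSSL code): classify the EC parameters in a DER-encoded
# SubjectPublicKeyInfo so keys that use explicit curve parameters can be flagged.
EC_PUBLIC_KEY_OID = bytes.fromhex("2a8648ce3d0201")  # id-ecPublicKey 1.2.840.10045.2.1
KINDS = {0x06: "named", 0x05: "implicit", 0x30: "explicit"}  # ECParameters CHOICE tags

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def ec_params_kind(spki_der):
    """Return 'named', 'implicit', 'explicit', 'unknown' or 'not-ec'."""
    tag, spki, _ = read_tlv(spki_der)
    fields = children(spki) if tag == 0x30 else []
    if not fields or fields[0][0] != 0x30:
        raise ValueError("not a SubjectPublicKeyInfo")
    alg = children(fields[0][1])  # AlgorithmIdentifier: OID, then parameters
    if not alg or alg[0] != (0x06, EC_PUBLIC_KEY_OID):
        return "not-ec"
    return KINDS.get(alg[1][0], "unknown") if len(alg) > 1 else "unknown"

def der(tag, body):
    """Encode one short-form DER element (for the constructed samples, < 128 bytes)."""
    return bytes([tag, len(body)]) + body

# Constructed samples: key bits and curve fields are dummies, only the structure matters.
ALG_OID = der(0x06, EC_PUBLIC_KEY_OID)
KEY = der(0x03, b"\x00\x04" + b"\x11" * 8)
NAMED = der(0x30, der(0x30, ALG_OID + der(0x06, bytes.fromhex("2a8648ce3d030107"))) + KEY)
EXPLICIT = der(0x30, der(0x30, ALG_OID + der(0x30, der(0x02, b"\x01"))) + KEY)
RSA = der(0x30, der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b"")) + KEY)
```

RFC 5480 says explicit (specifiedCurve) parameters must not be used in PKIX certificates, so an "explicit" result on a certificate key is worth flagging whether or not the parameters are valid.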