Read the original article: OpenSSL Update Fixes Two High-Severity Vulnerabilities
The OpenSSL project released a new build yesterday that includes fixes for two vulnerabilities. CVE-2021-3449 allows for a denial of service against servers. If a maliciously crafted request to the ClientHello is sent to the server without the signature_algorithms extension but includes the signature_algorithms_cert extension in a renegotiation, the server can crash. Exploiting this vulnerability […]
The post OpenSSL Update Fixes Two High-Severity Vulnerabilities appeared first on Binary Defense.
Read the original article: OpenSSL Update Fixes Two High-Severity Vulnerabilities