Security Alert (A23-10-26): Vulnerability in OpenSSL


 

Published on: 26 October 2023

Description:

OpenSSL has released 3.0.12 and 3.1.4 to fix the vulnerability in various versions of OpenSSL. The details of the security update can be found at:
https://www.openssl.org/news/secadv/20231024.txt

 

Affected Systems:

  • OpenSSL 3.0.x prior to version 3.0.12
  • OpenSSL 3.1.x prior to version 3.1.4

 

Impact:

Successful exploitation could lead to denial of service on an affected system.

 

Recommendation:

Patches for OpenSSL 3.0.x and 3.1.x are available. Please note that OpenSSL is also distributed as source code in various products. It is recommended to consult product vendors to confirm if the used products are affected and the availability of patches. System administrators and users should apply the patches when available or follow the recommendations provided by the product vendors to mitigate the risk.

 

More Information:

  • https://www.openssl.org/news/secadv/20231024.txt
  • https://www.hkcert.org/security-bulletin/openssl-denial-of-service-vulnerability_20231026
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5363


Tag: OpenSSL
Tags