Extended Lifecycle Support service providing updated OpenSSL to address CVE-2021-23841

ELS providing updated OpenSSL to address CVE-2021-23841

A flaw in the OpenSSL API function X509_issuer_and_serial_hash() has been disclosed that may cause applications using it to crash, resulting in a potential denial of service (DoS) for their users.

The flaw lies in the way a hash is calculated from the Issuer and Serial Number data of an X509 certificate, which can cause OpenSSL to fail and return a NULL value. This, in turn, can crash the application calling the function.
