OpenSSL, the widely used secure-communications library, has been found to contain a bug that can send it into an infinite loop, resulting in a denial of service (DoS).
Researchers said the bug is a parsing issue in certain versions of OpenSSL and needs a maliciously crafted certificate to trigger it. Once such a certificate is parsed, the library enters an infinite loop and the affected process stops responding, which is a denial of service. The OpenSSL team has released patches for the issue and recommends that users apply them.
OpenSSL Parsing Bug Causing DoS
A denial of service (DoS) attack makes a legitimate service unavailable, crashing or stalling it through malicious input so that even legitimate users are blocked from using it. Although a DoS bug does not by itself expose or alter data, the resulting downtime can cause lasting financial loss and damage a brand's reputation.
That is what OpenSSL users may face if they don't patch a bug spotted recently. Found by Tavis Ormandy, a Google security researcher, the certificate-parsing vulnerability in OpenSSL can have a significant impact on any business that depends on the library. Because certificate parsing happens before the certificate's signature is verified, the crafted certificate does not need to be signed by a trusted CA; any process that parses a certificate supplied by a remote party, such as a TLS server performing client authentication or a TLS client connecting to a server the attacker controls, is exposed until it is patched.
This was a fun one to work on, @davidben__ helped track it down to a bug in the Tonelli-Shanks implementation in OpenSSL. https://t.co/AYvpBLwNvJ — Tavis Ormandy (@taviso) March 15, 2022
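The tweet points at the Tonelli-Shanks modular square root. The following is an added illustration written for this article, not OpenSSL's code: a Tonelli-Shanks square root in Python whose inner search (repeatedly squaring a value until it reaches 1) is bounded and fails with an error, next to a helper that shows the unbounded form of that same search cycling forever when the modulus is composite. The composite modulus 21 and the sample inputs are constructed for the demonstration. The non-residue search uses the Jacobi symbol, which is also what lets a composite modulus slip past a Legendre-style residue check and reach the inner loop at all.

```python
"""Tonelli-Shanks modular square root: an unbounded inner search versus a
bounded one that fails cleanly. Added illustration, not OpenSSL code."""


class SqrtError(ValueError):
    """Raised when no square root can be found (non-residue or non-prime modulus)."""


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0.

    Equals the Legendre symbol when n is prime, but is also defined (and can be
    -1) for composite n, so a non-residue search based on it does not reject a
    composite modulus.
    """
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def square_orbit_hits_one(t, p):
    """Inner search of Tonelli-Shanks: least i > 0 with t^(2^i) == 1 (mod p).

    Written without an iteration bound, this is the loop that can run forever.
    Here the orbit is tracked so the function returns None once it revisits a
    value without reaching 1; the unbounded version would spin at that point.
    """
    seen = set()
    cur, i = t * t % p, 1
    while cur != 1:
        if cur in seen:
            return None  # cycle without 1: the naive loop never terminates
        seen.add(cur)
        cur, i = cur * cur % p, i + 1
    return i


def mod_sqrt(a, p):
    """Return r with r*r == a (mod p) for an odd prime p, or raise SqrtError.

    Every search is bounded: a composite p, or an a that is not a square,
    produces an error instead of a hang.
    """
    if p < 2 or p % 2 == 0:
        raise SqrtError("modulus must be an odd prime")
    a %= p
    if a == 0:
        return 0
    if jacobi(a, p) != 1:
        raise SqrtError("not a quadratic residue (or modulus is not prime)")

    # p - 1 = q * 2^e with q odd
    q, e = p - 1, 0
    while q % 2 == 0:
        q, e = q // 2, e + 1

    # Quadratic non-residue z; the search is bounded by p.
    z = 2
    while jacobi(z, p) != -1:
        z += 1
        if z >= p:
            raise SqrtError("no non-residue found; modulus is not prime")

    m, c, t, r = e, pow(z, q, p), pow(a, q, p), pow(a, (q + 1) // 2, p)
    while t != 1:
        # Least i with t^(2^i) == 1. For prime p and a square a it exists with
        # i < m, so reaching m means the modulus is not prime: bail out.
        i, tt = 0, t
        while tt != 1:
            tt, i = tt * tt % p, i + 1
            if i >= m:
                raise SqrtError("search did not converge; modulus is not prime")
        b = pow(c, 1 << (m - i - 1), p)
        m, c, t, r = i, b * b % p, t * b * b % p, r * b % p
    return r


if __name__ == "__main__":
    print("sqrt(10) mod 13 =", mod_sqrt(10, 13))
    # Constructed composite modulus: squaring 11 mod 21 cycles 16, 4, 16, ...
    print("orbit of 11 mod 21 reaches 1 at step:", square_orbit_hits_one(11, 21))
    try:
        mod_sqrt(5, 21)
    except SqrtError as exc:
        print("bounded search rejected composite modulus:", exc)
```

For a prime modulus the bounded and unbounded searches behave identically; the cap only changes what happens on input the algorithm's preconditions exclude, which is exactly the input an attacker controls when the modulus comes from a certificate's own parameters.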