OpenSSL.Elliptic.Curve.Public.Key.Handling.DoS

description-logoDescription

This indicates an attack attempt to exploit a Denial of Service Vulnerability in OpenSSL Project OpenSSL.
The vulnerability is due to insufficient validation in the BN_mod_sqrt() function. A remote attacker could exploit the vulnerability by sending crafted packets to an OpenSSL server or any application validates client certificates using OpenSSL libraries. Successful exploitation could result in denial of service condition on the target.

affected-products-logoAffected Products

OpenSSL Project OpenSSL prior to 1.0.2zd
OpenSSL Project OpenSSL prior to 1.1.1n
OpenSSL Project OpenSSL prior to 3.0.2

Impact logoImpact

Denial of Service: Remote attackers can crash vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.openssl.org/news/secadv/20220315.txt

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2022-06-14 21.338 Default_action:pass:drop
2022-04-06 20.292