OpenSSL.Elliptic.Curve.Public.Key.Handling.DoS
Description
This indicates an attack attempt to exploit a Denial of Service Vulnerability in OpenSSL Project OpenSSL.
The vulnerability is due to insufficient validation in the BN_mod_sqrt() function. A remote attacker could exploit the vulnerability by sending crafted packets to an OpenSSL server or any application validates client certificates using OpenSSL libraries. Successful exploitation could result in denial of service condition on the target.
Affected Products
OpenSSL Project OpenSSL prior to 1.0.2zd
OpenSSL Project OpenSSL prior to 1.1.1n
OpenSSL Project OpenSSL prior to 3.0.2
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.openssl.org/news/secadv/20220315.txt
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |