First published: Thu Jun 22 2023(Updated: )
Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/openssl | <1.0.2g-1ubuntu4.20+esm9 | 1.0.2g-1ubuntu4.20+esm9 |
=16.04 | ||
All of | ||
ubuntu/libssl1.0.0 | <1.0.2g-1ubuntu4.20+esm9 | 1.0.2g-1ubuntu4.20+esm9 |
=16.04 | ||
All of | ||
ubuntu/openssl | <1.0.1f-1ubuntu2.27+esm9 | 1.0.1f-1ubuntu2.27+esm9 |
=14.04 | ||
All of | ||
ubuntu/libssl1.0.0 | <1.0.1f-1ubuntu2.27+esm9 | 1.0.1f-1ubuntu2.27+esm9 |
=14.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
OpenSSL incorrectly handles certain ASN.1 object identifiers, which can be exploited by a remote attacker to cause a denial of service.
The OpenSSL vulnerability affects Ubuntu 16.04 and can be exploited by a remote attacker to cause a denial of service.
The OpenSSL vulnerability affects Ubuntu 14.04 and can be exploited by a remote attacker to cause a denial of service.
The remedy for the OpenSSL vulnerability in Ubuntu 16.04 is to update OpenSSL to version 1.0.2g-1ubuntu4.20+esm9.
The remedy for the OpenSSL vulnerability in Ubuntu 14.04 is to update OpenSSL to version 1.0.1f-1ubuntu2.27+esm9.