OpenSSL is a powerful Secure Sockets Layer cryptographic library that includes all major cryptographic algorithms, commonly used keys, certificate wrapper management functions and SSL protocols, and provides rich applications for testing and other purposes. libssl implements the SSL v2/v3 and TLS v1 protocols. A memory error vulnerability exists in OpenSSL version 3.0.0. The vulnerability is due to a call to the X509_verify_cert() function by libssl to verify a server-provided certificate, which is incorrectly handled by OpenSSL. An attacker could exploit this vulnerability to cause a program to fail to run correctly, which could, for example, result in a crash, infinite loop, or other similar error response.
CPE | Name | Operator | Version |
---|---|---|---|
openssl project openssl | eq | 3.0.0 |