A NULL pointer dereference flaw was found in the way OpenSSL handled certain TLS handshake messages. This flaw allows an unauthenticated attacker to cause a server application compiled with OpenSSL to crash, causing a denial of service. In some cases a malicious server could also cause a client compiled with OpenSSL to crash.
Applications compiled with OpenSSL >= 1.1.1d that either use openssl without invoking the SSL_check_chain()
function or do not use TLS 1.3 are not vulnerable to this flaw.