OpenSSL 1.1.1g released, fixing TLS 1.3 vulnerability

OpenSSL 1.1.1g, a corrective release of the cryptographic library, is available. It fixes a vulnerability (CVE-2020-1967) that results in a denial of service when an application attempts to negotiate a TLS 1.3 connection with an attacker-controlled server or client. The vulnerability has been assigned a high severity level.

The problem appears only in applications that use the SSL_check_chain() function, and leads to a process crash if the "signature_algorithms_cert" TLS extension is used incorrectly. In particular, when an unsupported or invalid signature algorithm value is received during connection negotiation, a null pointer dereference occurs and the process crashes. The problem has been present since the release of OpenSSL 1.1.1d.
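To triage an inventory against the range given above (introduced in 1.1.1d, fixed in 1.1.1g), the following added example, which is not from the original article or the OpenSSL project, classifies `openssl version` banners. The host names and banner lines are constructed sample data, and the function names are hypothetical.

```python
import re

# Affected range as stated in the article: introduced in 1.1.1d, fixed in 1.1.1g.
FIRST_AFFECTED = "d"
FIXED_IN = "g"

# Matches banners such as "OpenSSL 1.1.1f  31 Mar 2020" (output of `openssl version`).
_BANNER = re.compile(r"\bOpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def classify(banner):
    """Return 'affected', 'not-affected' or 'unknown' for one version banner."""
    m = _BANNER.search(banner)
    if m is None:
        return "unknown"  # other libraries or unparsable text: do not guess
    series = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter = m.group(4)
    if series != (1, 1, 1):
        return "not-affected"  # other release series are outside the stated range
    # Patch letters sort "" < a < ... < z < za, so compare by (length, text).
    key = (len(letter), letter)
    if (1, FIRST_AFFECTED) <= key < (1, FIXED_IN):
        return "affected"
    return "not-affected"


def audit(inventory):
    """Map each host to its classification; inventory is {host: banner}."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (not real hosts).
SAMPLE = {
    "web-01": "OpenSSL 1.1.1f  31 Mar 2020",
    "web-02": "OpenSSL 1.1.1g  21 Apr 2020",
    "db-01": "OpenSSL 1.1.1c  28 May 2019",
    "legacy-01": "OpenSSL 1.0.2u  20 Dec 2019",
    "bsd-01": "LibreSSL 3.1.0",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

A banner match only flags a candidate: the crash requires an application that calls SSL_check_chain(), and distribution packages may carry a backported fix without changing the version letter.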

Source: opennet.ru
