OpenSSL 1.1.1k released with fixes for two dangerous vulnerabilities

A corrective release of the OpenSSL cryptographic library, 1.1.1k, is available. It fixes two vulnerabilities that have been assigned a high severity level:

  • CVE-2021-3450 - Verification of a certificate authority certificate can be bypassed when the X509_V_FLAG_X509_STRICT flag is enabled. The flag is disabled by default and is used for additional checking of the certificates present in the chain. The problem was introduced with a new check implemented in OpenSSL 1.1.1h, which prohibits the use of certificates in the chain that carry explicitly encoded parameters.

    Because of an error in the code, the new check overwrote the result of the previously performed check of the validity of the certificate authority certificate. As a result, certificates certified by a self-signed certificate that is not linked to a certificate authority by a chain of trust were treated as fully trusted. The vulnerability does not appear if the "purpose" parameter is set, which is done by default in the client and server certificate verification procedures in libssl (used for TLS).

  • CVE-2021-3449 - A TLS server can be crashed by a client that sends a specially crafted ClientHello message. The problem is related to a NULL pointer dereference in the implementation of the signature_algorithms extension. The issue occurs only on servers that support TLSv1.2 and have connection renegotiation enabled (it is enabled by default).
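The result-overwrite pattern described for CVE-2021-3450, shown as an added example in a constructed model (this is not OpenSSL's code and not part of the original article). The struct, its fields and all function names are hypothetical; the flawed variant sits beside a corrected one in which the extra strict-mode check can only turn a pass into a failure.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of one certificate in a chain; not an OpenSSL type. */
struct model_cert {
    bool valid_ca;        /* passes the ordinary CA validity check */
    bool explicit_params; /* carries explicitly encoded parameters */
};

/* Both helpers return 1 for "acceptable" and 0 for "reject". */
static int check_ca_model(const struct model_cert *c)
{
    return c->valid_ca ? 1 : 0;
}

static int check_params_model(const struct model_cert *c)
{
    return c->explicit_params ? 0 : 1;
}

/* Flawed pattern: the strict-mode check assigns to the same result
 * variable, so a pass here replaces an earlier CA-check failure. */
int verify_flawed(const struct model_cert *c, bool strict)
{
    int ret = check_ca_model(c);
    if (strict)
        ret = check_params_model(c); /* earlier result is lost */
    return ret;
}

/* Corrected pattern: the extra check runs only while the result is still
 * a pass, and it can only downgrade that pass to a failure. */
int verify_fixed(const struct model_cert *c, bool strict)
{
    int ret = check_ca_model(c);
    if (ret == 1 && strict && check_params_model(c) == 0)
        ret = 0;
    return ret;
}

int main(void)
{
    /* Constructed input: not a valid CA, no explicitly encoded parameters. */
    struct model_cert not_a_ca = { false, false };
    printf("flawed, strict off: %d\n", verify_flawed(&not_a_ca, false));
    printf("flawed, strict on:  %d\n", verify_flawed(&not_a_ca, true));
    printf("fixed,  strict on:  %d\n", verify_fixed(&not_a_ca, true));
    return 0;
}
```

In the flawed variant, turning the stricter mode on is what makes the invalid CA pass, which matches the article's point that the problem shows up only with X509_V_FLAG_X509_STRICT enabled.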

Source: opennet.ru
