Vulnerability in OpenSSL 3.0.4 leading to remote process memory corruption

A vulnerability has been identified in the OpenSSL cryptographic library (no CVE assigned yet) that lets a remote attacker corrupt the contents of process memory by sending specially crafted data while a TLS connection is being established. It is not yet clear whether the problem can lead to attacker code execution and leakage of data from process memory, or whether it is limited to a crash.

The vulnerability appears in the OpenSSL 3.0.4 release, published on June 21, and is caused by an incorrect fix for a bug in the code, as a result of which up to 8192 bytes of data can be written or read beyond the allocated buffer. Exploitation of the vulnerability is possible only on x86_64 systems with support for AVX512 instructions.

OpenSSL forks such as BoringSSL and LibreSSL, as well as the OpenSSL 1.1.1 branch, are not affected by the problem. The fix is currently available only as a patch. In the worst case, the problem could be more dangerous than the Heartbleed vulnerability, but the threat level is reduced by the fact that the vulnerability appears only in the OpenSSL 3.0.4 release, while many distributions continue to ship the 1.1.1 branch by default or have not yet had time to build package updates with version 3.0.4.
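The exposure conditions given above (OpenSSL itself at exactly 3.0.4, x86_64, AVX512 support) can be checked per host. The script below is an added example, not part of the original article or of OpenSSL; its function names and sample strings are constructed for illustration, and it conservatively treats any `avx512*` CPU flag as AVX512 support.

```shell
#!/bin/sh
# Host triage for the three exposure conditions the article gives:
# OpenSSL (not a fork) at exactly 3.0.4, x86_64, and AVX512 support.

# Constructed sample inputs (not captured from a real host).
SAMPLE_VER='OpenSSL 3.0.4 21 Jun 2022 (Library: OpenSSL 3.0.4 21 Jun 2022)'
SAMPLE_FLAGS='fpu sse2 avx2 avx512f avx512ifma'

# lib_version "<openssl version output>" -> "<name> <version>"
# Prefers the "(Library: ...)" part, which names the libcrypto actually loaded.
lib_version() {
    case "$1" in
        *"(Library: "*) v=${1#*"(Library: "} ;;
        *)              v=$1 ;;
    esac
    set -f            # no globbing while word-splitting
    set -- $v
    set +f
    printf '%s %s\n' "${1:-unknown}" "${2:-unknown}"
}

# assess "<version output>" "<arch>" "<cpu flags>"
# Prints a verdict; exit status is 0 only when all three conditions hold.
assess() {
    lv=$(lib_version "$1")
    case "$lv" in
        "OpenSSL 3.0.4") ;;
        *) echo "not affected: library is $lv"; return 1 ;;
    esac
    if [ "$2" != "x86_64" ]; then
        echo "not affected: architecture is $2"; return 1
    fi
    case " $3 " in
        *" avx512"*) echo "exposed: OpenSSL 3.0.4 on x86_64 with AVX512"; return 0 ;;
    esac
    echo "not affected: CPU has no AVX512 flags"; return 1
}

# Collect the same three facts from the local Linux machine.
check_host() {
    ver=$(openssl version 2>/dev/null) || ver="unknown unknown"
    flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2)
    assess "$ver" "$(uname -m)" "$flags"
}

# Only touch the host when asked to: sh check.sh --host
if [ "${1:-}" = "--host" ]; then check_host; fi
```

Applications that bundle or statically link their own copy of OpenSSL are not reflected in the `openssl version` output and have to be checked separately.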

Source: opennet.ru
