Vulnerability in OpenSSL and LibreSSL that leads to an infinite loop when processing incorrect certificates

Corrective releases 3.0.2 and 1.1.1n of the OpenSSL cryptographic library are available. The update fixes a vulnerability (CVE-2022-0778) that can be used to cause a denial of service (an infinite loop in the handler). To exploit the vulnerability, it is enough for the application to process a specially crafted certificate. The problem occurs in both server and client applications that can process user-supplied certificates.

The problem is caused by a bug in the BN_mod_sqrt() function, which leads to a loop when computing a square root modulo a number that is not prime. The function is used when parsing certificates with keys based on elliptic curves. Exploitation comes down to substituting incorrect elliptic curve parameters in the certificate. Because the problem occurs before the digital signature is verified, the attack can be carried out by an unauthenticated user who can cause a client or server certificate to be passed to applications that use OpenSSL.
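The failure mode described above, as an added example that is not OpenSSL's or LibreSSL's code: a Tonelli-Shanks modular square root on small integers in which every loop is bounded and the result is verified, so a non-prime modulus produces an error instead of a hang. The function name `mod_sqrt_checked`, the 2^32 limit on the modulus and the sample values are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Products stay below 2^64 because every modulus here is below 2^32. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) { return (a % m) * (b % m) % m; }

static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1 % m;
    for (b %= m; e; e >>= 1, b = mulmod(b, b, m))
        if (e & 1) r = mulmod(r, b, m);
    return r;
}

/* Hypothetical helper: returns 0 and stores a verified root in *root, or -1
 * when none is found (a is a non-residue, or p is not an odd prime). */
int mod_sqrt_checked(uint64_t a, uint64_t p, uint64_t *root) {
    if (p < 3 || (p & 1) == 0 || (p >> 32)) return -1;
    a %= p;
    if (a == 0) { *root = 0; return 0; }
    uint64_t q = p - 1, z = 0;
    unsigned e = 0;
    while ((q & 1) == 0) { q >>= 1; e++; }            /* p - 1 = q * 2^e */
    for (uint64_t g = 2; g < p && g < 1000; g++)      /* bounded non-residue search */
        if (powmod(g, (p - 1) / 2, p) == p - 1) { z = g; break; }
    if (z == 0) return -1;
    uint64_t c = powmod(z, q, p), t = powmod(a, q, p), r = powmod(a, (q + 1) / 2, p);
    unsigned m = e;
    while (t != 1) {                                  /* m shrinks on every pass */
        unsigned i = 0;
        uint64_t t2 = t, b = c;
        /* Least i with t^(2^i) == 1. It is below m only if p is prime and a is a residue. */
        for (; i < m && t2 != 1; i++) t2 = mulmod(t2, t2, p);
        if (i == m) return -1;                        /* bound hit: stop, do not spin */
        for (unsigned k = 0; k + i + 1 < m; k++) b = mulmod(b, b, p);
        r = mulmod(r, b, p); c = mulmod(b, b, p); t = mulmod(t, c, p); m = i;
    }
    if (mulmod(r, r, p) != a) return -1;              /* never trust an unverified root */
    *root = r;
    return 0;
}

int main(void) {
    uint64_t r = 0;
    int rc = mod_sqrt_checked(10, 13, &r);            /* constructed sample: prime modulus */
    printf("p=13 a=10 -> rc=%d root=%llu\n", rc, (unsigned long long)r);
    printf("p=15 a=4  -> rc=%d\n", mod_sqrt_checked(4, 15, &r)); /* composite modulus */
    return 0;
}
```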

The vulnerability also affects the LibreSSL library developed by the OpenBSD project; the fix was included in the corrective releases LibreSSL 3.3.6, 3.4.3 and 3.5.1. In addition, an analysis of the conditions for exploiting the vulnerability has been published (an example of a malicious certificate that causes a hang has not yet been made public).

Source: opennet.ru
