ukukhutshwa kokulungiswa kwelayibrari ye-cryptographic , apho kupheliswa (), ekhokelela ekukhanyeni kwenkonzo xa uzama ukuxoxisana noqhagamshelwano lwe-TLS 1.3 kunye nomncedisi olawulwa ngumhlaseli okanye umxhasi. Ubuthathaka bubekwe njengobuqatha obuphezulu.
Ingxaki ibonakala kuphela kwizicelo ezisebenzisa i SSL_check_chain () umsebenzi kwaye ibangela inkqubo ukuba ingqubene ukuba ulwandiso lweTLS "signature_algorithms_cert" lusetyenziswa ngokungalunganga. Ngokukodwa, ukuba inkqubo yothethathethwano yonxibelelwano ifumana ixabiso elingaxhaswanga okanye elingalunganga kwi-algorithm yokwenziwa kwesiginesha yedijithali, i-NULL pointer dereference iyenzeka kwaye inkqubo iyawa. Ingxaki ibonakala oko kwakhululwa i-OpenSSL 1.1.1d.
umthombo: opennet.ru