The OpenSSL Project released the OpenSSL 1.0.2n version that addresses two vulnerabilities discovered by the Google researcher David Benjamin. Benjamin discovered the vulnerabilities using the OSS-Fuzz fuzzing service. The first âmoderate severityâ issue, tracked as CVE-2017-3737, is related to an âerror stateâ mechanism implemented since OpenSSL 1.0.2b. “OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an “error state” […]
OpenSSL patches two low and medium severity vulnerabilities that were discovered by using Googleâs open source OSS-Fuzz fuzzing service. The medium severity vulnerability tracked as CVE-2017-3736 was addressed with the release of OpenSSL 1.1.0g and 1.0.2m. The flaw is a carry propagating bug in the x86_64 Montgomery squaring procedure, it affects processors that support BMI1, BMI2 and […]