Security flaw in openssl
JeromeGaudin opened this issue · comments
JeromeGaudin commented
This version of openssl is vulnerable to a security flaw referenced here: https://nvd.nist.gov/vuln/detail/CVE-2022-0778
A malicious certificate can trigger an infinite loop that causes a service interruption. This can be a huge problem if this library is used to connect to an important service.
Could you please update openssl to a non-vulnerable version (at this date, versions 3.0.2, 1.1.1n and 1.0.2zd are not vulnerable)?
Felix Schulze commented
Will be fixed in #205
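
An added example, not part of the issue thread or the project's code: a check that compares an OpenSSL version string against the three fixed releases named in the issue. The function names and the `FIXED` table layout are assumptions made for illustration; branches the issue does not mention are reported as unknown rather than guessed.

```python
import re

# First non-vulnerable release per branch, taken from the issue text above.
FIXED = {"3.0": "3.0.2", "1.1.1": "1.1.1n", "1.0.2": "1.0.2zd"}

# Matches "1.1.1k", "1.0.2zd", "3.0.1", also inside `openssl version` output.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse(version):
    """Return a sortable key for an OpenSSL version string."""
    m = _VERSION_RE.search(version)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {version!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    letters = m.group(4)
    # Letter releases run a..z, then za, zb, ...; ordering by length first
    # and then alphabetically keeps "z" < "za" < "zd".
    return (major, minor, patch, len(letters), letters)


def branch(key):
    """1.x branches are identified by three numbers, 3.x by two."""
    major, minor, patch = key[:3]
    return f"{major}.{minor}" if major >= 3 else f"{major}.{minor}.{patch}"


def is_fixed(version):
    """True/False for branches named in the issue, None for any other."""
    key = parse(version)
    fixed = FIXED.get(branch(key))
    if fixed is None:
        return None  # branch not covered by the issue: unknown
    return key >= parse(fixed)


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("OpenSSL 1.1.1k", "1.1.1n", "1.0.2u", "1.0.2zd", "3.0.1"):
        print(sample, "->", is_fixed(sample))
```

A `None` result means the branch needs to be checked against the advisory directly.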