Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Multiple Vulnerabilities in OpenSSL
Alerts

Multiple Vulnerabilities in OpenSSL

26 March 2021

OpenSSL has released a security update to address vulnerabilities in their product. OpenSSL is an open source software library for implementing various cryptographic functions on software such as securing websites via TLS and email encryption.

The vulnerabilities addressed are:

  • CVE-2021-3449: A Denial of Service (DoS) vulnerability due to NULL pointer dereferencing in default server configurations.

  • CVE-2021-3450: An improper Certificate Authority (CA) certificate validation vulnerability which impacts both the server and client instances. Successful exploitation of the vulnerability could allow an attacker to use a valid non-CA certificate to act as a CA and sign a certificate for an arbitrary organisation, user or device.

Administrators, software vendors and users running affected versions are recommended to upgrade to OpenSSL 1.1.1k immediately. If you are using a software that is dependent on OpenSSL, please check with the software vendor for more information.

More information is available here:

https://www.openssl.org/news/secadv/20210325.txt

Back to top