'On Thursday, OpenSSL maintainers disclosed and patched a vulnerability that causes servers to crash when they receive a maliciously crafted request from an unauthenticated end user. CVE-2021-3449, as the denial-of-server vulnerability is tracked, is the result of a null pointer dereference bug. Cryptographic engineer Filippo Valsorda, said on Twitter that the flaw could probably have been discovered earlier than now.

“Anyway, sounds like you can crash most OpenSSL servers on the Internet today,” he added.'

-- source: https://arstechnica.com/gadgets/2021/03/openssl-fixes-high-severity-flaw-tha...

Cheers, Peter