'On Thursday, OpenSSL maintainers disclosed and patched a
vulnerability that causes servers to crash when they receive a
maliciously crafted request from an unauthenticated end user.
CVE-2021-3449, as the denial-of-server vulnerability is tracked, is
the result of a null pointer dereference bug. Cryptographic engineer
Filippo Valsorda, said on Twitter that the flaw could probably have
been discovered earlier than now.
“Anyway, sounds like you can crash most OpenSSL servers on the
Internet today,” he added.'
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 577-5304