OpenSSL Patches New Bug Targeting Encryption [Lessons from Heartbleed]

OpenSSL Patches New Bug Targeting Encryption [Lessons from Heartbleed]

brooke.crothers

Thu, 05/05/2022 - 12:26

• 2 views

What is the new OpenSSL vulnerability?

CVE-2022-0778 is described as an infinite loop DoS attack discovered by Google vulnerability researcher Tavis Ormandy. A flaw in the encryption algorithm used to underpin OpenSSL was exploited, triggering an infinite number of requests when certain input value(s) are used. OpenSSL relies on Elliptic Curve (EC) cryptography, which is faster and more elegant than the older RSA, and …

bug encryption heartbleed openssl patches targeting