PolyWolf on Security

OpenSSL Security Fixes

Posted on 2021-03-29: https://twitter.com/filosottile/status/1375087988598792193

By @filosottile on Twitter:

OpenSSL security fixes dropped.

CVE-2021-3450 is a complete certificate verification bypass in niche non-standard configurations.

CVE-2021-3449 is a NULL pointer dereference crash in default server configurations.

https://www.openssl.org/news/secadv/20210325.txt

Wow, those are some crazy bugs. Love the NULL pointer dereference in 2021 :)