A remotely exploitable OpenSSL/LibreSSL vulnerability

Post Syndicated from original https://lwn.net/Articles/887970/

The OpenSSL project has disclosed a vulnerability wherein an attacker presenting a malicious certificate can cause the execution of an infinite loop. It is thus a denial-of-service vulnerability for any application — server or client — that handles certificates from untrusted sources. The OpenSSL 3.0.2 and 1.1.1n releases contain fixes for the problem. This advisory makes it clear that LibreSSL, too, suffers from this vulnerability; updated releases are available there too.
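
A quick way to triage hosts against the two fixed releases named above, as an added example that is not part of the original article or of the OpenSSL project: it classifies a version banner (the first line of `openssl version` output, or Python's `ssl.OPENSSL_VERSION`). The function name `classify` and the result labels are assumptions made for this sketch; the sample banners are constructed.

```python
import re
import ssl

# Banner prefix: product, numeric version, optional letter suffix (1.1.1n).
_BANNER = re.compile(r"^(OpenSSL|LibreSSL)\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def classify(banner):
    """Return 'has-fix', 'predates-fix' or 'unknown' for a version banner.

    Only the releases the article names (OpenSSL 3.0.2 and 1.1.1n) are used
    as thresholds. Anything the article gives no fixed version for, including
    LibreSSL and older OpenSSL branches, is reported as 'unknown'.
    """
    m = _BANNER.match(banner.strip())
    if not m:
        return "unknown"
    product, major, minor, patch, letter = m.groups()
    version = (int(major), int(minor), int(patch))
    if product == "LibreSSL":
        return "unknown"  # article names no fixed LibreSSL release
    if version == (1, 1, 1):
        # Letter releases sort "" < "a" < ... < "z"; compare length first
        # so a two-letter suffix would still sort after a one-letter one.
        fixed = (len(letter), letter) >= (1, "n")
        return "has-fix" if fixed else "predates-fix"
    if version[0] >= 3:
        # 3.0.2 and every later 3.x release descend from the fixed code.
        return "has-fix" if version >= (3, 0, 2) else "predates-fix"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample banners (dates omitted), plus the library this
    # Python interpreter is actually linked against.
    samples = ["OpenSSL 1.1.1m", "OpenSSL 1.1.1n", "OpenSSL 3.0.1",
               "OpenSSL 3.0.2", "LibreSSL 3.4.2", ssl.OPENSSL_VERSION]
    for banner in samples:
        print(f"{banner!r:45} -> {classify(banner)}")
```

Distribution packages often backport fixes without changing the upstream version string, so treat `predates-fix` as a prompt to check the vendor's advisory rather than as proof of exposure.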