openssl vulnerabilities

A simple, malformed PKCS#12 file can crash OpenSSL and take down services that import or parse certificates — CVE-2024-0727 exposes a NULL-pointer weakness in PKCS#12 decoding that allows an attacker to cause a denial-of-service (DoS) condition in any application that uses vulnerable OpenSSL...

CVE‑2024‑2511 exposed a surprising — and at first glance narrowly scoped — weakness in OpenSSL’s TLSv1.3 session handling: certain non‑default server configurations can cause the session cache to stop flushing and grow without bound, allowing a remote actor to force resource exhaustion and a...