OpenSSL has fixed two serious vulnerabilities, one that could allow denial-of-service attacks and another that could lead to spoofing. Proof-of-concept exploit code has been developed that demonstrates the potential for abuse.
The vulnerabilities affect OpenSSL versions 1.1.1h and later, and have been fixed in the most recent version, 1.1.1k. In OpenSSL 1.0.2, they are not present. CVE-2021-3449 is the denial-of-service vulnerability. Servers that use OpenSSL with the default configuration to use TLSv1.2 in conjunction with renegotiation are vulnerable. Clients can send those systems a rogue renegotiation ClientHello message to crash the server.
Vulnerability CVE-2021-3450 allows a server or client to accept a malicious certificate by bypassing certain authentication. However, this spoofing vulnerability is not present by default, only if a particular X509 flag is active.
OpenSSL provides details about the vulnerabilities and the fixes that have been implemented. Debian, FreeBSD, OpenSUSE, SUSE and Ubuntu have made updates available. The National Cyber Security Center considers the risk of abuse and damage to be high, although abuse has not yet been detected in practice and only a proof-of-concept for abuse has been developed.