OpenSSL TLS Vulnerability Requires Immediate Patching

Security researchers disclosed a vulnerability in OpenSSL affecting TLS 1.3 handshakes. Cloud providers recommend updating to patched versions immediately.

The flaw allows denial-of-service attacks against servers accepting TLS connections. Remote code execution has not been demonstrated.

Affected Versions

OpenSSL 3.0.0 through 3.0.9 contain the vulnerability. Version 3.0.10 includes the fix.

OpenSSL 1.1.x remains unaffected. Systems using this older branch do not require updates for this specific issue.

Cloud Impact

AWS, Azure, and GCP have patched managed services. Customer-managed instances require manual updates.

Container images using affected OpenSSL versions need rebuilding. Check your base image documentation for patched tags.

Mitigation

If immediate updates are not possible, rate limiting TLS handshakes provides partial protection.

Web application firewalls can detect and block exploit attempts. Enable logging to identify attack attempts.

Verification

Run openssl version to check installed versions. Package managers show available updates via standard commands.
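
The check can be scripted. The following is an added example, not part of the original article: it classifies an openssl version banner against the version ranges stated under Affected Versions. The function name classify_openssl and the sample banners are constructed for illustration.

```shell
# Classify an `openssl version` banner against the ranges given in the article:
# 3.0.0 through 3.0.9 = affected, 3.0.10 = fixed, 1.1.x = unaffected, else unknown.
classify_openssl() {
    banner=$1
    case $banner in
        "OpenSSL "*) ;;
        *) echo unknown; return 0 ;;      # LibreSSL, BoringSSL, empty output
    esac
    ver=${banner#OpenSSL }
    ver=${ver%% *}                        # "3.0.7", "3.0.10", "1.1.1w"
    case $ver in
        *.*.*) ;;
        *) echo unknown; return 0 ;;      # need major.minor.patch
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%[!0-9]*}               # drop suffixes such as the "w" in 1.1.1w
    for part in "$major" "$minor" "$patch"; do
        case $part in
            ''|*[!0-9]*) echo unknown; return 0 ;;
        esac
    done
    if [ "$major" -eq 1 ] && [ "$minor" -eq 1 ]; then
        echo unaffected
    elif [ "$major" -eq 3 ] && [ "$minor" -eq 0 ] && [ "$patch" -le 9 ]; then
        echo affected
    elif [ "$major" -eq 3 ] && [ "$minor" -eq 0 ]; then
        echo fixed    # 3.0.10; assumes later 3.0.x releases keep the fix
    else
        echo unknown  # branch not covered by the article
    fi
}

# Constructed sample banners, so the logic can be checked without OpenSSL installed.
while IFS= read -r line; do
    printf '%-10s %s\n' "$(classify_openssl "$line")" "$line"
done <<'EOF'
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
OpenSSL 3.0.10 1 Aug 2023 (Library: OpenSSL 3.0.10 1 Aug 2023)
OpenSSL 1.1.1w  11 Sep 2023
OpenSSL 3.1.2 1 Aug 2023
EOF

# The locally installed binary, if there is one.
if command -v openssl >/dev/null 2>&1; then
    echo "local: $(classify_openssl "$(openssl version)")"
fi
```

Distribution packages often backport fixes without changing the upstream version string, so an "affected" result on a distro build should be confirmed against the vendor's package changelog. The command also reports only the openssl binary on the PATH, not copies of the library bundled into applications or container layers.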

Jason Michael
