This week OpenSSL has released fixes for a high severity Denial of Service (DoS) vulnerability impacting the open source project. U.S. DHS Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to upgrade their vulnerable OpenSSL instances immediately. The high severity vulnerability stems from a NULL pointer dereferencing issue. Caused by null pointers in SSL certificate name validation, this is one of the ways this vulnerability can be exploited. The vulnerability impacts all versions of OpenSSL 1.0.2 and 1.1.1i.
Source: https://www.bleepingcomputer.com/news/security/dhs-cisa-urges-admins-to-patch-openssl-dos-vulnerability/