The OpenSSL project has issued an advisory for two high-severity vulnerabilities in OpenSSL products. The vulnerabilities include a Denial of Service (DoS) flaw due to NULL pointer dereferencing which only impacts OpenSSL server instances, not the clients. The vulnerability was discovered by engineers Peter K..stle and Samuel Sapalski of Nokia, who also offered the fix shown above. Neither vulnerabilities impact OpenSSL 1.1.1k and users are advised to upgrade to this version to protect their instances.

Source: https://www.bleepingcomputer.com/news/security/openssl-fixes-severe-dos-certificate-validation-vulnerabilities/