Beldmit

**Name of the Vulnerable Software and Affected Versions** GOST engine versions prior to 3.0.1 **Description** The issue is related to a buffer overflow vulnerability in the GOST engine, a reference implementation of the Russian GOST crypto algorithms for OpenSSL. This occurs when the ciphersuite `TLS GOSTR341112 256 WITH KUZNYECHIK CTR OMAC` is agreed upon and the server uses 512-bit GOST secret keys. The vulnerability can be exploited by a remote attacker to cause a buffer overflow. Disabling the ciphersuite `TLS GOSTR341112 256 WITH KUZNYECHIK CTR OMAC` is a possible workaround. **Recommendations** For GOST engine versions prior to 3.0.1, update to version 3.0.1 to resolve the issue. As a temporary workaround, consider disabling the ciphersuite `TLS GOSTR341112 256 WITH KUZNYECHIK CTR OMAC` until a patch is applied.