OpenSSL · OpenSSL · CVE-2015-0206
**Name of the Vulnerable Software and Affected Versions**
OpenSSL versions 1.0.0 through 1.0.0p
OpenSSL versions 1.0.1 through 1.0.1k
openssl-1.0.1e
openssl-devel-1.0.1e
openssl-static-1.0.1e
openssl-libs-1.0.1e
openssl-debuginfo-1.0.1e
**Description**
The issue involves multiple vulnerabilities in the OpenSSL package that can be exploited remotely to cause a denial of service or to gain access to encrypted data without knowing the encryption key. The vulnerabilities can lead to a memory leak, allowing attackers to consume memory and cause a failure in replay detection. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.
**Recommendations**
For OpenSSL versions 1.0.0 through 1.0.0p, update to version 1.0.0p or later.
For OpenSSL versions 1.0.1 through 1.0.1k, update to version 1.0.1k or later.
For openssl-1.0.1e, openssl-devel-1.0.1e, openssl-static-1.0.1e, openssl-libs-1.0.1e, and openssl-debuginfo-1.0.1e, update to a version that is not affected by the vulnerabilities.
As a temporary workaround, consider restricting access to the vulnerable OpenSSL package until a patch is available.
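To triage hosts against the fixed releases named above (1.0.0p and 1.0.1k), the following added example, which is not part of the original advisory or of OpenSSL, parses a version string such as `openssl version` output or a package name and compares its patch letter with the fixed release for that branch. The function names and status labels are illustrative assumptions, and the sample strings are constructed.

```python
import re

# Fixed upstream releases, taken from the Recommendations section above.
FIXED = {"1.0.0": "p", "1.0.1": "k"}

# Branch (x.y.z) followed by an optional one- or two-letter patch suffix.
_VERSION_RE = re.compile(r"(\d+\.\d+\.\d+)([a-z]{0,2})(?![a-z])")


def parse_version(text):
    """Return (branch, letters) from e.g. 'OpenSSL 1.0.1e-fips 11 Feb 2013'."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return m.group(1), m.group(2)


def letter_rank(letters):
    """Order patch letters: '' < 'a' < ... < 'z' < 'za' < 'zb' ..."""
    return (len(letters), letters)


def status(text):
    """Classify a version string as 'fixed', 'needs-update' or 'not-listed'."""
    branch, letters = parse_version(text)
    fixed = FIXED.get(branch)
    if fixed is None:
        return "not-listed"  # branch is not covered by this advisory
    if letter_rank(letters) >= letter_rank(fixed):
        return "fixed"
    return "needs-update"


if __name__ == "__main__":
    # Constructed sample inputs (not taken from real hosts).
    samples = [
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 1.0.1k 8 Jan 2015",
        "openssl-libs-1.0.1e",
        "OpenSSL 1.0.0o",
    ]
    for s in samples:
        print(f"{s!r}: {status(s)}")
```

For distribution packages such as openssl-1.0.1e, the upstream letter does not show whether the vendor backported a fix, so treat a `needs-update` result there as a prompt to check the vendor's package changelog.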