PT-2023-32971 · Openssl · Openssl

Published: 2023-02-09 · Updated: 2023-02-09


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 1.1.0

Description: A double-free issue exists where a malicious PEM file with 0 bytes of payload data can cause a crash when parsed. This occurs because the parser holds a pointer to memory that has already been freed; when that memory is freed a second time, the process crashes. Agents or clients compiled with OpenSSL may experience unexpected crashes when handling such PEM files.

Recommendations: For versions prior to 1.1.0, consider updating to a version where OpenSSL has been replaced with Rust-based TLS, such as bottlerocket/update-operator version 1.1.0, to mitigate the risk of crashes due to this issue.

Related Identifiers

GHSA-3WXX-JXWC-MG39

Affected Products

Openssl