PT-2023-33053 · Openssl · Openssl

Published 2023-02-09 · Updated 2023-02-09

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

OpenSSL versions prior to 1.1.0

Description

A null pointer in OpenSSL can be dereferenced when signatures are being verified in malformed PKCS7 data, potentially causing unexpected crashes in agents or clients compiled with OpenSSL.

Recommendations

For versions prior to 1.1.0, update to bottlerocket/update-operator version 1.1.0 or later, which replaces OpenSSL with Rust-based TLS using rustls.

Related Identifiers

GHSA-QF87-Q4GG-CG43

Affected Products

Openssl