Iranian Threat Actors Launch Destructive Wiping Attacks on Targeted Nations – Active IOCs

May 21, 2024

LokiBot Malware – Active IOCs

May 22, 2024

CVE-2024-4603 – OpenSSL Vulnerability

May 21, 2024

Severity

Low

Analysis Summary

CVE-2024-4603

OpenSSL is vulnerable to a denial of service, caused by improper input validation by the EVP_PKEY_param_check() or EVP_PKEY_public_check() function. By parsing a specially crafted DSA public key or DSA parameters, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition.

Impact

Denial of Service

Indicators of Compromise

CVE

CVE-2024-4603

Affected Vendors

OpenSSL

Affected Products

OpenSSL OpenSSL 3.0.0
OpenSSL OpenSSL 3.1.0
OpenSSL OpenSSL 3.2.0
OpenSSL OpenSSL 3.3.0

Remediation

Refer to OpenSSL Security Advisory for patch, upgrade or suggested workaround information.

OpenSSL Security Advisory

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Multiple D-Link Products Vulnerabilities

Multiple GitLab Products Vulnerabilities

CVE-2025-25012 – Elastic Kibana Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us