OpenSSL is vulnerable to Denial of Service (DoS). The vulnerability is caused by incorrect handling of TLSv1.3 sessions when certain non-default server configurations are used without proper anti-replay protection: the session cache grows unbounded, potentially leading to a denial of service.
www.openwall.com/lists/oss-security/2024/04/08/5
github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce
github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d
github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml
secdb.alpinelinux.org/v3.18/main.yaml
secdb.alpinelinux.org/v3.19/main.yaml
security.netapp.com/advisory/ntap-20240503-0013/
www.openssl.org/news/secadv/20240408.txt