Four flaws in the OpenSSL cryptographic library are being fixed.
One flaw is rated low severity and two are rated medium severity. The most serious vulnerability is rated high risk and could open the door to denial-of-service attacks, the OpenSSL project said in a recent advisory.
In the most severe flaw, an attacker could send a specially crafted handshake message during connection set-up that prevents OpenSSL from freeing up to 64 kilobytes of memory. This in turn causes a memory leak in the OpenSSL server.
Separately, OpenSSL also announced that version 0.9.8 of the cryptographic library will no longer be supported after the end of December next year.