Initial Publication Date: 2022/03/17 20:42 PST

AWS is aware of an issue present in OpenSSL versions 1.0.2, 1.1.1, and 3.0 in which a certificate containing invalid explicit curve parameters can cause denial of service (DoS) by triggering an infinite logic loop. This issue was eliminated in the releases of OpenSSL 1.0.2zd, 1.1.1n, and 3.0.2. AWS is aware of this issue and is actively investigating for impact to AWS services.