OpenSSL has now been patched to fix a critical flaw in its TLS server code which could be used to remotely execute code or cause an application to crash.
The vulnerability was found in OpenSSL's TLS server extension parsing code and could be exploited in a buffer overrun attack.
All versions of OpenSSL supporting TLS extensions are affected, including OpenSSL 0.9.8f to 0.9.8o and the 1.0.0 and 1.0.0a releases, according to an OpenSSL security advisory.
"Any OpenSSL-based TLS server is vulnerable if it is multi-threaded and uses OpenSSL's internal caching mechanism," the advisory said. "Servers that are multi-process and/or disable internal session caching are NOT affected."
Apache HTTP server and Stunnel are not affected, according to the OpenSSL team.
The security response team at Red Hat, which uses OpenSSL in Red Hat Enterprise Linux, rated the flaw as 'important'.
"It may be possible for a remote attacker to trigger this race condition and cause such an application to crash, or possibly execute arbitrary code with the permissions of the application," said a Red Hat security advisory.
Users of all OpenSSL 0.9.8 releases from 0.9.8f to 0.9.8o should update to the OpenSSL 0.9.8p release, which contains a patch to correct the issue.
Users of OpenSSL 1.0.0 and 1.0.0a should update to the OpenSSL 1.0.0b release, which also contains a patch.
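The affected ranges, fixed releases and exposure conditions above can be turned into a triage check for an inventory of TLS servers. This is an added example, not code from OpenSSL or from either advisory; the function names, the two deployment flags and the sample version strings are assumptions made for illustration.

```python
import re

# Affected ranges (inclusive) and fixed releases, as stated in the article.
AFFECTED = [
    ((0, 9, 8), "f", "o", "0.9.8p"),
    ((1, 0, 0), "", "a", "1.0.0b"),
]

# Matches upstream release strings such as "0.9.8o" or "1.0.0". Strings with a
# hyphenated suffix (betas, vendor builds) are rejected so they get a manual look.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)(?![\w-])")


def _letter_key(suffix):
    # OpenSSL patch letters order as "" < a < ... < z < za < zb ...
    return (len(suffix), suffix)


def parse_version(text):
    """Return ((major, minor, fix), letters) from e.g. 'OpenSSL 0.9.8o 01 Jun 2010'."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError(f"no plain release version found in {text!r}")
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4)


def assess(version_text, multithreaded, internal_session_cache):
    """Classify one server (hypothetical helper).

    Distribution packages may carry backported fixes under an unchanged
    upstream version, so confirm a hit against the vendor's own advisory.
    """
    base, letters = parse_version(version_text)
    for branch, first, last, fixed in AFFECTED:
        in_range = _letter_key(first) <= _letter_key(letters) <= _letter_key(last)
        if base == branch and in_range:
            # Advisory quoted in the article: only multi-threaded servers that
            # use OpenSSL's internal session cache are vulnerable.
            exposed = multithreaded and internal_session_cache
            return {"affected_release": True, "exposed": exposed, "update_to": fixed}
    return {"affected_release": False, "exposed": False, "update_to": None}


if __name__ == "__main__":
    # Constructed sample input: (version string, multi-threaded?, internal cache?)
    for sample in [("OpenSSL 0.9.8o 01 Jun 2010", True, True), ("1.0.0a", False, True)]:
        print(sample[0], "->", assess(*sample))
```

A server on an affected release that is reported as not exposed still needs the update; the flag only orders the patching queue.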