Affected versions of this package are vulnerable to NULL Pointer Dereference. If sent a maliciously crafted renegotiation ClientHello message from a client, an OpenSSL TLS server may crash.

If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a Denial of Service.

Upgrade node to version 15.14.0, 14.16.1, 12.22.1, 10.24.1 or higher.
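
The ClientHello shape described above can be checked for wherever the plaintext handshake message is available, for example in a regression test or at the TLS endpoint. This is an added example, not code from the advisory, OpenSSL or Node.js: the function names and the sample bytes are constructed for illustration, and 13 and 50 are the IANA extension numbers for signature_algorithms and signature_algorithms_cert.

```javascript
// TLS ExtensionType values (IANA registry).
const EXT_SIGNATURE_ALGORITHMS = 13;
const EXT_SIGNATURE_ALGORITHMS_CERT = 50;

// Collect the extension types in a ClientHello handshake body (the bytes
// after the 4-byte handshake header). Throws RangeError on truncated input.
function clientHelloExtensionTypes(body) {
  let off = 0;
  const need = (n, limit = body.length) => {
    if (off + n > limit) throw new RangeError('truncated ClientHello');
  };
  const skipVector = (lenBytes) => {
    need(lenBytes);
    const len = body.readUIntBE(off, lenBytes);
    off += lenBytes;
    need(len);
    off += len;
  };
  need(34);
  off += 34; // legacy_version (2) + random (32)
  skipVector(1); // session_id
  skipVector(2); // cipher_suites
  skipVector(1); // compression_methods
  const types = new Set();
  if (off === body.length) return types; // no extensions block at all
  need(2);
  const end = off + 2 + body.readUInt16BE(off);
  off += 2;
  need(end - off); // declared extensions length must fit in the body
  while (off < end) {
    need(4, end);
    const type = body.readUInt16BE(off);
    const len = body.readUInt16BE(off + 2);
    off += 4;
    need(len, end);
    off += len;
    types.add(type);
  }
  return types;
}

// Advisory shape: signature_algorithms_cert present, signature_algorithms absent.
function hasCertSigAlgsWithoutSigAlgs(body) {
  const t = clientHelloExtensionTypes(body);
  return t.has(EXT_SIGNATURE_ALGORITHMS_CERT) && !t.has(EXT_SIGNATURE_ALGORITHMS);
}

// Constructed sample: minimal TLS 1.2 ClientHello body, zero random, ext 50 only.
const SAMPLE_HELLO = Buffer.from('0303' + '00'.repeat(32) + '00' + '0002c02f' +
  '0100' + '0008' + '0032000400020403', 'hex');
```

The check covers a single message; the advisory's condition additionally requires that signature_algorithms was present in the initial ClientHello, which the caller has to track per connection.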