The host is installed with OpenSSL 1.0.2 through 1.0.2y or 1.1.1 through 1.1.1k and is prone to an information disclosure vulnerability. A flaw is present in the OpenSSL string processing functions. On successful exploitation, attacker can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions this might result in a crash (causing a Denial of Service attack) or result in the disclosure of private memory contents (such as private keys, or sensitive plaintext).