The vulnerability in OpenSSL versions 1.0.2, 1.1.1 (affected: 1.1.1 through 1.1.1m) and 3.0 triggers an infinite loop in the function BN_mod_sqrt() while parsing an elliptic curve key. As a result, a maliciously crafted X.509 certificate can cause a denial of service (DoS) on any unpatched server.
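To triage hosts against the ranges stated above, the following added example (not code from the OpenSSL project) classifies an `openssl version` banner or Python's `ssl.OPENSSL_VERSION` string. The function name `classify` and the status strings are hypothetical; because the text gives an explicit range only for 1.1.1, the 1.0.2 and 3.0 series are reported for manual review rather than judged by patch level.

```python
import re
import ssl

# Matches banners such as "OpenSSL 1.1.1k  25 Mar 2021" or "OpenSSL 3.0.1 14 Dec 2021".
# Forks with other banner names (for example LibreSSL) do not match and are "unknown".
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def classify(banner: str) -> str:
    """Map a version banner to a status based on the ranges given in the text.

    Status strings are hypothetical labels chosen for this example.
    """
    m = _VERSION_RE.search(banner)
    if not m:
        return "unknown"
    major, minor, fix = (int(g) for g in m.group(1, 2, 3))
    letters = m.group(4)

    # Before 3.0 the release series is three numbers plus a letter patch level
    # (1.1.1k); from 3.0 on it is major.minor with a numeric patch level.
    series = (major, minor, fix) if major < 3 else (major, minor)

    if series == (1, 1, 1):
        # Letter suffixes order by length, then alphabetically:
        # "" < "a" < ... < "z" < "za". The text's range ends at "m".
        key = (len(letters), letters)
        return "affected" if key <= (1, "m") else "not in affected range"
    if series in ((1, 0, 2), (3, 0)):
        # Series named in the text without an explicit patch-level range.
        return "affected series, check vendor patch level"
    return "series not listed"


if __name__ == "__main__":
    # Reports the OpenSSL build linked into this Python interpreter.
    print(ssl.OPENSSL_VERSION, "->", classify(ssl.OPENSSL_VERSION))
```

A banner match only identifies a candidate: distributions often backport fixes without changing the upstream version string, so confirm against the package vendor's advisory.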