Preface: If you are doubts of this OpenSSL vulnerability (CVE-2021-3449 & CVE-2021-3450), you should update your current installations to OpenSSL 1.1.1k.
Background: With OpenSSL, you can apply for your digital certificate (Generate the Certificate Signing Request) and install the SSL files on your server. You can also convert your certificate into various SSL formats, as well as do all kind of verifications.
Vulnerability Details: The exploitation of these vulnerabilities could allow an attacker to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition.
The design defect has problem occur when the X509_V_FLAG_X509_STRICT flag enable. Error occurs in additional security checks of the certificates present in a certificate chain).
Perhaps a defect found in presence of elliptic curve parameters.
Details require vendor provided.
Official details: https://www.openssl.org/news/secadv/20210325.txt