The announcement has been noteworthy as this is only the second time OpenSSL has classified a flaw as “critical” since the Heartbleed bug in 2014. It has also been somewhat controversial among the security community, with some questioning whether the OpenSSL project's decision to go public about the vulnerability before the patch gives attackers more opportunities to exploit it.
Checkmarx researchers say the vulnerability was fixed, but warn that the potential attack surface for such “hidden malicious code” may grow exponentially.