Description:

OpenSSL has released 1.1.1n and 3.0.2 to fix the vulnerability in various versions of OpenSSL. The details of the security update can be found at:

https://www.openssl.org/news/secadv/20220315.txt

Please note that OpenSSL version 1.0.2 has reached End-Of-Life (EOL). No security updates will be provided. Users should arrange upgrading to supported versions or migrating to other supported technology.

Affected Systems:

• OpenSSL versions 1.0.2, 1.1.1 and 3.0

Impact:

Successful exploitation could lead to denial of service on an affected system.

Recommendation:

Patches for affected software are available. System administrators of affected systems should follow the recommendations provided by the software vendor and take immediate actions to mitigate the risk.

More Information:

• https://www.openssl.org/news/secadv/20220315.txt
• https://www.hkcert.org/security-bulletin/openssl-denial-of-service-vulnerability_20220316
• https://www.cisa.gov/uscert/ncas/current-activity/2022/03/17/openssl-releases-security-updates
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778