Security Alert (A22-11-03): Multiple Vulnerabilities in OpenSSL


 

Published on: 02 November 2022

  
  

Description:

OpenSSL has released 3.0.7 to fix the vulnerabilities in various versions of OpenSSL. The details of the security update can be found at:
https://www.openssl.org/news/secadv/20221101.txt

 

Affected Systems:

  • OpenSSL versions 3.0.0 to 3.0.6

 

Impact:

Successful exploitation could lead to remote code execution or denial of service on an affected system.

 

Recommendation:

Patches for affected software are available. System administrators of affected systems should follow the recommendations provided by the software vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.openssl.org/news/secadv/20221101.txt
  • https://www.hkcert.org/security-bulletin/openssl-multiple-vulnerabilities_20221102
  • https://www.cisa.gov/uscert/ncas/current-activity/2022/11/01/openssl-releases-security-update
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3602
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3786


Tag: OpenSSL
Tags