OpenSSL version

1/9/2024

TL;DR: The OpenSSL Project disclosed two new vulnerabilities, CVE-2022-3602 and CVE-2022-3786, which are less severe than previously announced. According to Wiz Research, these buffer overflow vulnerabilities are hard to exploit and require specific exploits per target application; the likelihood of generic, mass exploitation attempts of clients/servers that utilize the OpenSSL 3 library is low. Moreover, Wiz data shows only 1.5% of OpenSSL instances are impacted versions.

*This blog was updated on November 1st, 2022 following OpenSSL Project's patch release.

What we know about the OpenSSL vulnerabilities so far

OpenSSL is a cryptographic library that is universally used for encrypting communications on the Internet. It is widely used by Internet servers, including the majority of HTTPS websites. OpenSSL has published details of two new High severity vulnerabilities in OpenSSL (official advisory, blog post). One of these vulnerabilities (CVE-2022-3602) was initially announced to be of Critical severity, but OpenSSL later lowered its severity to High due to several mitigating factors (details below). The other vulnerability (CVE-2022-3786) is also deemed to be of High severity.

These vulnerabilities affect OpenSSL versions 3.0.0 and above, as well as any application with an embedded impacted OpenSSL library in the affected version range. Although OpenSSL 3.3 is the current major version, it is still significantly less prevalent than OpenSSL 1, which is not impacted by this vulnerability.

You can also watch this quick 5-minute video summary of the vulnerabilities, including a technical breakdown and thoughts on impact and severity, by Shir Tamari, Head of Research.