OpenSSL Releases Update to Address Several High-Severity Vulnerabilities

Threat Level

Vulnerability Report

For a detailed threat advisory, download the pdf file here

Summary

The OpenSSL Project has released fixes for several security flaws, including a high-severity bug (CVE-2023-0286) that could expose users to malicious attacks. The bug is related to a type of confusion issue that may allow an attacker to read memory contents or cause a denial-of-service. The vulnerability is rooted in the way the cryptographic library handles X.509 certificates and is likely to impact only applications that have a custom implementation for retrieving a certificate revocation list.