Patch available for pre-announced Critical Vulnerability in OpenSSL

Summary

OpenSSL has released the patch for its pre-announced critical vulnerability. The pre-announcement rated the vulnerability Critical because it can lead to remote code execution (RCE), but after detailed analysis the OpenSSL Project downgraded the severity to High in its published security advisory. The vulnerability is a buffer overrun in the X.509 certificate verification flow, specifically in name constraint checking. OpenSSL version 3.0.7 fixes CVE-2022-3602 along with a similar vulnerability, CVE-2022-3786.
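A version triage for the fix described above, as an added example that is not part of the original advisory: it classifies `openssl version` banners against the 3.0.7 fixed release. The affected range (3.0.0 through 3.0.6, with the 1.x branches unaffected) is taken from the OpenSSL Project's advisory rather than from this page, and the hostnames and banners in the sample are constructed.

```python
import re
import ssl

FIXED = (3, 0, 7)  # from the advisory: 3.0.7 fixes CVE-2022-3602 and CVE-2022-3786
# Assumption taken from the OpenSSL Project advisory, not from this page:
# 3.0.0 through 3.0.6 are affected and the 1.x branches are not.
FIRST_AFFECTED = (3, 0, 0)

_BANNER = re.compile(r"^(\w+)\s+(\d+)\.(\d+)\.(\d+)")


def classify(banner):
    """Classify one `openssl version` banner line."""
    m = _BANNER.match(banner.strip())
    if not m:
        return "unknown"
    if m.group(1) != "OpenSSL":
        return "not-openssl"  # other TLS libraries are out of scope for this advisory
    ver = tuple(int(p) for p in m.group(2, 3, 4))
    if ver < FIRST_AFFECTED:
        return "not-affected"
    # Distro packages can carry the fix under an older upstream version number,
    # so "affected" means: confirm against the package changelog before acting.
    return "affected" if ver < FIXED else "fixed"


def hosts_to_patch(inventory):
    """Return the sorted hosts whose banner falls in the affected range."""
    return sorted(h for h, b in inventory.items() if classify(b) == "affected")


# Constructed inventory: hostnames and banners are made up for illustration.
SAMPLE = {
    "web-01": "OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)",
    "web-02": "OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)",
    "db-01": "OpenSSL 1.1.1k  FIPS 25 Mar 2021",
    "mail-01": "LibreSSL 3.3.6",
    "build-01": "OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)",
}

if __name__ == "__main__":
    # ssl.OPENSSL_VERSION is the library this Python interpreter is linked against.
    print("this interpreter:", ssl.OPENSSL_VERSION, "->", classify(ssl.OPENSSL_VERSION))
    for host in hosts_to_patch(SAMPLE):
        print("patch:", host)
```

The banner only identifies the binary that printed it; applications that bundle or statically link their own OpenSSL copy need to be checked separately.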