Patch available for pre-announced Critical Vulnerability in OpenSSL
Summary
OpenSSL has released the patch for the pre-announced critical vulnerability. The pre-announcement rated the vulnerability Critical because it can lead to remote code execution (RCE), but after detailed analysis the OpenSSL Project downgraded the severity to High in its published security advisory. The vulnerability is a buffer overrun in the X.509 certificate verification flow, specifically in name constraint checking. OpenSSL version 3.0.7 fixes CVE-2022-3602 along with a similar vulnerability, CVE-2022-3786.
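To triage an inventory against the 3.0.7 fix, the following added example (not part of the original advisory) classifies `openssl version` banners. The host names and banners are constructed samples, and the 3.0.0 lower bound of the affected range comes from the OpenSSL Project advisory rather than from this page.

```python
import re
import ssl

FIXED = (3, 0, 7)           # stated on this page
FIRST_AFFECTED = (3, 0, 0)  # assumption: taken from the OpenSSL advisory, not this page

# Matches "OpenSSL 3.0.2 15 Mar 2022", "OpenSSL 1.1.1s  1 Nov 2022", "OpenSSL 3.0.7-dev".
# Anchoring on the product name keeps LibreSSL 3.x from being read as OpenSSL 3.x.
_BANNER = re.compile(r"^\s*OpenSSL\s+(\d+)\.(\d+)\.(\d+)[a-z]*(-[\w.]+)?")

def classify(banner):
    """Return 'affected', 'fixed', 'not-affected', 'review' or 'unknown'."""
    m = _BANNER.match(banner)
    if not m:
        return "unknown"            # other TLS library or unparseable banner
    version = tuple(int(x) for x in m.group(1, 2, 3))
    if version < FIRST_AFFECTED:
        return "not-affected"       # 1.x release lines
    if version < FIXED:
        # Distributions may backport the fix without changing this string,
        # so confirm against the package changelog before escalating.
        return "affected"
    if version == FIXED and m.group(4):
        return "review"             # pre-release build of 3.0.7, may predate the fix
    return "fixed"

def triage(inventory):
    """Map each host to the status of its reported banner."""
    return {host: classify(banner) for host, banner in inventory.items()}

def local_runtime():
    """Status of the OpenSSL library this Python interpreter is linked against."""
    return classify(ssl.OPENSSL_VERSION)

# Constructed sample inventory (hypothetical hosts).
SAMPLE = {
    "web-01": "OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)",
    "web-02": "OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)",
    "legacy-01": "OpenSSL 1.1.1s  1 Nov 2022",
    "bsd-01": "LibreSSL 3.6.1",
    "build-01": "OpenSSL 3.0.7-dev  (Library: OpenSSL 3.0.7-dev )",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:10} {status}")
    print(f"{'(local)':10} {local_runtime()}")
```

The banner only reflects the `openssl` binary on the path; statically linked or bundled copies of the library need to be inventoried separately.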