Patch available for pre-announced Critical Vulnerability in OpenSSL

Threat Level – Red | Vulnerability Report
Download PDF

OpenSSL has released the Patch for the pre-announced critical vulnerability. In the announcement the severity of the vulnerability was Critical based on the fact that it can lead to RCE but after the detailed analysis severity is downgraded to high in a security advisory published by the OpenSSL Project. This Vulnerability is about Buffer overrun in X.509 certificate verification flow, specifically in name constraint checking. Version 3.0.7 of OpenSSL fixes CVE-2022-3602 along with a similar vulnerability CVE-2022-3786.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox