OpenSSL has patched two high severity vulnerabilities

Bangaly Koita 2 years ago

OpenSSL has released two high severity vulnerabilities within the open source OpenSSL library.

The both vulnerabilities CVE-2022-3602 and CVE-2022-3786 require a malicious X.509 certificate that has been signed by a valid certificate authority.

The first vulnerability CVE-2022-3602 – could cause a denial of service by allowing the bytes containing the character “.” (decimal 46) to be entered on the stack.

The second one CVE-2022-3786 – could cause a denial of service by allowing the attacker to craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the “.” character (decimal 46) on the stack.

Affected version: OpenSSL versions 3.0.0 to 3.0.6.

Mitigation: OpenSSL 3.0 users should upgrade to OpenSSL 3.0.7.

You may have missed

OSINT

What is OSINT ?

Bangaly Koita 2 weeks ago
Windows file system whitelist

Windows files system you should never whitelist in your environment

Bangaly Koita 4 months ago
urlscan 3

New update in URLSCAN to detect malicious domains

Bangaly Koita 7 months ago
open file

How to securely open a file

Bangaly Koita 11 months ago
payoutproject scam

Payoutproject[.]com the biggest scam ever on social media Facebook, twitter, TikTok, Instagram

Bangaly Koita 1 year ago