Patch released for High Severity bug – OpenSSL


What is OpenSSL?

OpenSSL was first released in 1998. It is a general-purpose cryptography library that provides an open-source implementation of the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols. It lets users generate private keys, create certificate signing requests (CSRs), and install SSL/TLS certificates.

About the Vulnerability (Bug):

On 5 July 2022, OpenSSL officially disclosed a serious bug: heap memory corruption with RSA private key operation (CVE-2022-2274). This could lead to RCE (Remote Code Execution), one of the more severe classes of vulnerability, which can result in initial access, information disclosure, denial of service, crypto mining, and ransomware attacks.

In their report, they described it as a severe bug and advised that ‘users of the OpenSSL 3.0.4 version should upgrade to OpenSSL 3.0.5’. The full report is linked in the Reference below.

Users of the OpenSSL 3.0.4 version should upgrade to OpenSSL 3.0.5. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue. This issue was reported to OpenSSL on 22nd June 2022 by Xi Ruoyao. The fix was developed by Xi Ruoyao.

– OpenSSL
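As an added example (not part of the OpenSSL advisory or the original post), the shell functions below classify the output of `openssl version` against the versions named above. The function names and sample lines are constructed for illustration, and versions the page does not mention are reported as not-covered rather than guessed.

```shell
#!/bin/sh
# Added example: triage `openssl version` output for CVE-2022-2274 using
# only the versions named in the advisory text quoted above.
# Function names are hypothetical; sample lines are constructed.

# Print the version of the linked OpenSSL library. OpenSSL 3.x prints
# "OpenSSL X <date> (Library: OpenSSL Y <date>)"; Y is the library that
# actually runs, so it takes precedence over the binary's version X.
openssl_lib_version() {
    line=$1
    case $line in
        *"(Library: OpenSSL "*) line=${line#*"(Library: OpenSSL "} ;;
        "OpenSSL "*)            line=${line#"OpenSSL "} ;;
        *)                      return 1 ;;   # not OpenSSL output
    esac
    printf '%s\n' "${line%% *}"               # keep the first word only
}

# Map a version line to a verdict.
classify_openssl() {
    ver=$(openssl_lib_version "$1") || { echo unknown; return 0; }
    case $ver in
        3.0.4)          echo affected ;;      # upgrade to 3.0.5
        3.0.5)          echo fixed ;;
        1.1.1*|1.0.2*)  echo not-affected ;;  # stated as unaffected
        *)              echo not-covered ;;   # not mentioned on this page
    esac
}

# Constructed inventory lines, e.g. collected from several hosts.
for sample in \
    "OpenSSL 3.0.4 21 Jun 2022 (Library: OpenSSL 3.0.4 21 Jun 2022)" \
    "OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.4 21 Jun 2022)" \
    "OpenSSL 1.1.1n  15 Mar 2022"
do
    printf '%-14s %s\n' "$(classify_openssl "$sample")" "$sample"
done

# Classify the local installation when the openssl binary is present.
if command -v openssl >/dev/null 2>&1; then
    live=$(openssl version 2>/dev/null) &&
        printf 'local: %s (%s)\n' "$(classify_openssl "$live")" "$live"
fi
```

Distribution packages can carry backported fixes under an unchanged upstream version string, so an "affected" verdict on a packaged build should be confirmed against the vendor's own advisory.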

Reference:

OpenSSL – https://www.openssl.org/news/secadv/20220705.txt
