Security updates: OpenSSL X.509 email address buffer overflow
On October 25, 2022, a potentially critical OpenSSL vulnerability was discovered, with official details published on November 1, 2022. Two high-severity vulnerabilities (CVE-2022-3786 and CVE-2022-3602) affecting OpenSSL v3.0-3.6 were identified; both can cause buffer overruns that result in denial of service or remote code execution. Exploitation requires either a malicious certificate signed by a certificate authority, or an application that continues certificate verification despite failing to construct a path to a trusted issuer. Aiven services and the platform have been thoroughly investigated for potential vulnerabilities, and no impact has been found.
Company: Aiven
Date published: Nov. 4, 2022
Author(s):
Word count: 240
Hacker News points: None found.
Language: English