/plushcap/analysis/aiven/security-update-on-openssl-x-509-email-address-buffer-overflow

Security updates: OpenSSL X.509 email address buffer overflow

What's this blog post about?

On October 25, 2022, a potential critical OpenSSL vulnerability was discovered, with official details published on November 1, 2022. Two high-severity vulnerabilities (CVE-2022-3786 and CVE-2022-3602) affecting OpenSSL v3.0-3.6 were identified, which could lead to buffer overruns resulting in denial of service or remote code execution. Exploitation requires a malicious certificate signed by a certificate authority or an application continuing verification despite failure to construct a path to a trusted issuer. Aiven services and the platform have been thoroughly investigated for potential vulnerabilities, but no impact has been found.

Company
Aiven

Date published
Nov. 4, 2022

Author(s)

Word count
240

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.