Cloudflare is not affected by the OpenSSL vulnerabilities CVE-2022-3602 and CVE-2022-3786
On November 1, 2022, OpenSSL released version 3.0.7 to address two high-risk vulnerabilities (CVE-2022-3602 and CVE-2022-3786) in the OpenSSL 3.0.x cryptographic library. These memory corruption issues could allow attackers to execute arbitrary code on a victim's machine. Cloudflare is not affected by these vulnerabilities because it uses BoringSSL in its products. The vulnerabilities reside in the X.509 certificate verification code and require specific conditions to be met for exploitation. Users should patch vulnerable OpenSSL packages and update their software to mitigate potential risks.
Company: Cloudflare
Date published: Nov. 2, 2022
Author(s): Evan Johnson, Michal Melewski
Word count: 600
Language: English
Hacker News points: None found.