Company
Date Published
Nov. 4, 2022
Author
-
Word count
240
Language
English
Hacker News points
None

Summary

On October 25, 2022, a potentially critical OpenSSL vulnerability was discovered, with official details published on November 1, 2022. Two high-severity vulnerabilities (CVE-2022-3786 and CVE-2022-3602) affecting OpenSSL v3.0-3.6 were identified; both can cause buffer overruns that result in denial of service or remote code execution. Exploitation requires either a malicious certificate signed by a certificate authority, or an application that continues certificate verification despite failing to construct a path to a trusted issuer. Aiven services and the platform have been thoroughly investigated for potential vulnerabilities, and no impact has been found.