Skip to content

High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786)

Posted by: GuidePoint Security

< 1 min read

November 1, 2022 – Published on HelpNetSecurity

Version 3.0.7 of the popular OpenSSL cryptographic library is out, with fixes for CVE-2022-3602 and CVE-2022-3786, two high-severity buffer overflow vulnerabilities in the punycode decoder that could lead to crashes (i.e., denial of service) or potentially remote code execution.

CVE-2022-3602, whose existence was preannounced by the OpenSSL Project team a week ago, has luckily turned out to be less dangerous than initially thought.

“Exploiting this vulnerability requires quite a bit of set up and a number of factors to fall into place before it could be leveraged. Organizations should perform analysis to see if they are impacted, although there are relatively limited affected systems, as the attack primarily impacts the client-side, not the server. Technologies like SCA (software composition analysis) tools can help organizations identify where these components are so they can create an inventory and then a plan for remediation based on risk,” commented Victor Wieczorek, VP of App Sec, Threat & Attack Simulation at GuidePoint Security.

Read More HERE.

Categories: Application Security Cybersecurity News

GuidePoint Security

Application Security as a Service Overview
With our AppSec as a Service offering, we enable you to effectively launch your application security program and evolve and […]
Download

Related Articles

View All

  • Application Security
Application Security as a Service Overview
Read More < 1 min read
  • Application Security
Application Security Practice Overview
Read More < 1 min read
  • Cybersecurity
Healthcare sector struggles to address Log4j vulnerability without ‘breaking’ critical applications
Read More < 1 min read