OpenSSL code library patched after high-risk vulnerabilities found
< 1 min read
November 1, 2022 – Published on Axios
The developer of a widely used open-source code library released a patch to resolve two new high-risk security vulnerabilities in its tools that could allow hackers to remotely execute new code or trigger website crashes.
Driving the news: The OpenSSL Project released details about a security patch for the vulnerabilities on Tuesday after teasing their release last week.
- One of the flaws could potentially allow attackers to trigger a denial of service attack or access the ability to remotely deploy code. However, to be successful, this attack would require validation of an encryption certificate in an email, which is difficult to replicate.
- The second flaw could also allow attackers to send emails with malicious certificates to cause system crashes.
- The security flaws are only found on OpenSSL’s 3.0.0-3.0.6 versions. Earlier versions are not affected.
“Exploiting this vulnerability requires quite a bit of set up and a number of factors to fall into place before it could be leveraged,” said Victor Wieczorek, vice president of app security, threat and attack simulation at GuidePoint Security.
Read More HERE.