Skip to content

OpenSSL code library patched after high-risk vulnerabilities found

Posted by:
< 1 min read

November 1, 2022 – Published on Axios

The developer of a widely used open-source code library released a patch to resolve two new high-risk security vulnerabilities in its tools that could allow hackers to remotely execute new code or trigger website crashes.

Driving the news: The OpenSSL Project released details about a security patch for the vulnerabilities on Tuesday after teasing their release last week.

  • One of the flaws could potentially allow attackers to trigger a denial of service attack or access the ability to remotely deploy code. However, to be successful, this attack would require validation of an encryption certificate in an email, which is difficult to replicate.
  • The second flaw could also allow attackers to send emails with malicious certificates to cause system crashes.
  • The security flaws are only found on OpenSSL’s 3.0.0-3.0.6 versions. Earlier versions are not affected.

“Exploiting this vulnerability requires quite a bit of set up and a number of factors to fall into place before it could be leveraged,” said Victor Wieczorek, vice president of app security, threat and attack simulation at GuidePoint Security.

Read More HERE.

Categories: Application Security Cybersecurity News

GuidePoint Security

Application Security as a Service Overview
With our AppSec as a Service offering, we enable you to effectively launch your application security program and evolve and […]
Download

Related Articles

View All

  • Application Security
Application Security as a Service Overview
Read More < 1 min read
  • Application Security
Application Security Practice Overview
Read More < 1 min read
  • Vulnerability Management & Penetration Testing
What you need to know about the Log4j vulnerability
Read More < 1 min read