Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. High Severity Vulnerabilities in OpenSSL
Alerts

High Severity Vulnerabilities in OpenSSL

2 November 2022

OpenSSL has released security updates to address two high-severity vulnerabilities (CVE-2022-3602 and CVE-2022-3786) in its open-source cryptographic library, which is used to encrypt communication channels and HTTPS connections.

The vulnerabilities are as follows:

  • CVE-2022-3602 - A X.509 Email Address 4-byte Buffer Overflow that could trigger crashes, causing a denial of service or leading to a potential remote code execution (RCE).

  • CVE-2022-3786 - A X.509 Email Address Variable Length Buffer Overflow that can be exploited by an attacker using a crafted malicious email address to trigger crashes, causing a denial of service.

OpenSSL versions 3.0.0 to 3.0.6 are affected by these vulnerabilities. Administrators and users of the affected versions are advised to upgrade to version 3.0.7 immediately.

More information is available here:

https://www.openssl.org/news/secadv/20221101.txt
https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
https://www.bleepingcomputer.com/news/security/openssl-fixes-two-high-severity-vulnerabilities-what-you-need-to-know/

Back to top