
OpenSSL Fixes Multiple Vulnerabilities

07/07/2022
By Esben Dochy


The OpenSSL Project today released new versions of its package that include fixes for two vulnerabilities.

| Severity | CVE | Versions Affected | Description |
|---|---|---|---|
| High | CVE-2022-2274 | 3.0.4 | AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. |
| Moderate | CVE-2022-2097 | 3.0.0-3.0.4, 1.1.1-1.1.1p | The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. |

The vulnerabilities are fixed in the latest version, 3.0.5 or 1.1.1q depending on which version of OpenSSL you are currently using.

The entry for CVE-2022-2274 states that an attacker who exploits the flaw successfully can trigger remote code execution (RCE) on the machine performing the computation. For the less severe vulnerability, CVE-2022-2097, the lack of encryption could reveal part of the data in plain text. OpenSSL describes both vulnerabilities in more detail in its vulnerability news section.
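The affected ranges and fixed releases above can be turned into an inventory check. The following is an added example, not code from OpenSSL or from the article's author; the host names and the `openssl version` output lines are constructed samples, and the function names are hypothetical.

```python
import re

# Affected ranges (inclusive) as listed in the article's table.
AFFECTED = {
    "CVE-2022-2274": [("3.0.4", "3.0.4")],
    "CVE-2022-2097": [("3.0.0", "3.0.4"), ("1.1.1", "1.1.1p")],
}

# Upstream scheme: MAJOR.MINOR.PATCH plus an optional letter suffix (1.1.1p).
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Sortable key for the first OpenSSL version in a bare version string
    or a full `openssl version` output line."""
    match = _VERSION.search(text)
    if match is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, patch, letter = match.groups()
    # "" < "a" < ... < "p" < "q", so 1.1.1 < 1.1.1p < 1.1.1q compares correctly.
    return (int(major), int(minor), int(patch), letter)


def affected_cves(text):
    """CVE IDs from AFFECTED whose ranges contain the given version."""
    version = parse_version(text)
    return sorted(
        cve for cve, ranges in AFFECTED.items()
        if any(parse_version(lo) <= version <= parse_version(hi) for lo, hi in ranges)
    )


def scan(inventory):
    """Map each host running an affected version to its CVE list."""
    hits = {}
    for host, line in inventory.items():
        cves = affected_cves(line)
        if cves:
            hits[host] = cves
    return hits


# Constructed sample inventory (hypothetical hosts, not data from the article).
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 3.0.4 21 Jun 2022 (Library: OpenSSL 3.0.4 21 Jun 2022)",
    "web-02": "OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)",
    "db-01": "OpenSSL 1.1.1p  21 Jun 2022",
    "db-02": "OpenSSL 1.1.1q  5 Jul 2022",
}

if __name__ == "__main__":
    for host, cves in scan(SAMPLE_INVENTORY).items():
        print(f"{host}: upgrade to 3.0.5 or 1.1.1q ({', '.join(cves)})")
```

Distribution packages often backport fixes without changing the upstream version string, so treat a hit as a candidate to confirm against the distributor's own advisory.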
