
OpenSSL Fixes Multiple Vulnerabilities

07/07/2022
By Esben Dochy

The OpenSSL Project released new versions of its package today, including fixes for two vulnerabilities.

| Severity | CVE | Versions Affected | Description |
|---|---|---|---|
| High | CVE-2022-2274 | 3.0.4 | AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. |
| Moderate | CVE-2022-2097 | 3.0.0-3.0.4, 1.1.1-1.1.1p | The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. |

The vulnerabilities are fixed in the latest version, 3.0.5 or 1.1.1q depending on which version of OpenSSL you are currently using.

According to the entry for CVE-2022-2274, successful exploitation lets attackers trigger remote code execution (RCE) on the machine that is performing the computation. For the less severe vulnerability, CVE-2022-2097, the lack of encryption could lead to partial data being revealed in plain text. OpenSSL describes both vulnerabilities in more detail in its vulnerability news section.
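To triage hosts against the version ranges in the table, the following added example (not code from the original post or from the OpenSSL Project) maps the output of `openssl version` onto the affected ranges and the fixed releases named above. The function names and the sample version lines are constructed for illustration.

```python
import re

# Inclusive affected ranges, taken from the "Versions Affected" column above.
# A 1.1.1 letter release becomes a 4th field: "" -> 0, "a" -> 1, ..., "p" -> 16.
AFFECTED = {
    "CVE-2022-2274": [((3, 0, 4, 0), (3, 0, 4, 0))],
    "CVE-2022-2097": [((3, 0, 0, 0), (3, 0, 4, 0)),
                      ((1, 1, 1, 0), (1, 1, 1, 16))],
}
FIXED = {3: "3.0.5", 1: "1.1.1q"}  # fixed releases named in the post

_VERSION_RE = re.compile(r"^(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]?)\b")


def parse_version(text):
    """Turn 'OpenSSL 1.1.1p  21 Jun 2022' into a comparable tuple (1, 1, 1, 16)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version string: {text!r}")
    major, minor, patch, letter = m.groups()
    suffix = ord(letter) - ord("a") + 1 if letter else 0
    return (int(major), int(minor), int(patch), suffix)


def assess(text):
    """Return the CVEs whose listed range covers this version, plus the fix target."""
    v = parse_version(text)
    cves = sorted(cve for cve, ranges in AFFECTED.items()
                  if any(lo <= v <= hi for lo, hi in ranges))
    return {"cves": cves, "upgrade_to": FIXED[v[0]] if cves else None}


# Constructed sample lines in the format printed by `openssl version`.
SAMPLES = [
    "OpenSSL 3.0.4 21 Jun 2022",
    "OpenSSL 3.0.2 15 Mar 2022",
    "OpenSSL 1.1.1k  FIPS 25 Mar 2021",
    "OpenSSL 1.1.1q  5 Jul 2022",
    "OpenSSL 3.0.5 5 Jul 2022",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r}: {assess(line)}")
```

A version match is only a first filter: distribution packages often backport fixes without changing the upstream version string, so confirm against the vendor's advisory before treating a host as exposed.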
