Skip to main content

OpenSSL Multiple Vulnerabilities

Release Date: 9 Feb 2023 4821 Views

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

Multiple vulnerabilities were identified in OpenSSL. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, sensitive information disclosure and security restriction bypass on the targeted system.


Impact

  • Denial of Service
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • OpenSSL versions 3.0.0 to 3.0.7
  • OpenSSL 1.1.1
  • OpenSSL 1.0.2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

 

  • OpenSSL versions 3.0 users should upgrade to OpenSSL 3.0.8
  • OpenSSL versions 1.1.1 users should upgrade to OpenSSL 1.1.1t
  • OpenSSL versions 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers only)

 

Since OpenSSL is distributed as source code in various products, users are recommended to review if the products in-use are related to the vulerabilities via vendors' website and update accordingly.


Vulnerability Identifier


Source


Related Link