mickmick.net

OpenSSL Multiple Vulnerabilities

Release Date: 5 May 2022

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in OpenSSL. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and security restriction bypass on the targeted system.

---

Impact

• Denial of Service
• Remote Code Execution
• Security Restriction Bypass

---

System / Technologies affected

• OpenSSL versions 1.0.2, 1.1.1 and 3.0

---

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Update to:

• Version 1.0.2ze
• Version 1.1.1o
• Version 3.0.3

---

Vulnerability Identifier

• CVE-2022-1292
• CVE-2022-1343
• CVE-2022-1434
• CVE-2022-1473

---

Source

• openSSL
• SecurityWizardry

---

Related Link

• https://www.openssl.org/news/secadv/20220503.txt
• https://www.securitywizardry.com/index.php/the-radar-page/alert-details.html#alerts