OpenSSL Multiple Vulnerabilities
Release Date: 9 Feb 2023
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities were identified in OpenSSL. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, sensitive information disclosure and security restriction bypass on the targeted system.
Impact
- Denial of Service
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- OpenSSL versions 3.0.0 to 3.0.7
- OpenSSL 1.1.1
- OpenSSL 1.0.2
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- OpenSSL versions 3.0 users should upgrade to OpenSSL 3.0.8
- OpenSSL versions 1.1.1 users should upgrade to OpenSSL 1.1.1t
- OpenSSL versions 1.0.2 users should upgrade to OpenSSL 1.0.2zg (premium support customers only)
Since OpenSSL is distributed as source code in various products, users are recommended to review if the products in-use are related to the vulerabilities via vendors' website and update accordingly.
Vulnerability Identifier
- CVE-2022-4203
- CVE-2022-4304
- CVE-2022-4450
- CVE-2023-0215
- CVE-2023-0216
- CVE-2023-0217
- CVE-2023-0286
- CVE-2023-0401
沒有留言:
發佈留言