Anxiously Anticipated OpenSSL Vulnerability’s Severity Downgraded from Critical to High


The OpenSSL Project has announced the release of OpenSSL 3.0.7. Everyone was waiting with bated breath to hear the specifics of the first serious vulnerability found since 2016, but the project’s developers downgraded its severity from critical to high.

Last week, the OpenSSL Project disclosed that an update would fix a critical vulnerability in OpenSSL 3.0. The flaw, tracked as CVE-2022-3602, is a buffer overrun in X.509 certificate verification. Exploiting it could result in remote code execution or a denial-of-service (DoS) condition brought on by a crash.

The advisory for CVE-2022-3602 states that “An attacker can create a malicious email address to overflow four attacker-controlled bytes on the stack.”
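
For triage, the version facts above can be turned into a check on the banner printed by `openssl version`. The following is an added example, not code from the article or from the OpenSSL Project; the function name `classify_openssl_banner` is hypothetical, the sample banners are constructed, and it assumes (per the upstream advisory) that only the 3.0.x line before 3.0.7 contains the affected code.

```shell
#!/bin/sh
# Classify an `openssl version` banner against the fixed release named above:
# OpenSSL 3.0.x before 3.0.7 is affected by CVE-2022-3602, 3.0.7 carries the fix.
# Assumption: 1.x releases and LibreSSL do not contain the affected code.
classify_openssl_banner() {
    banner=$1
    # OpenSSL 3.x appends "(Library: OpenSSL X.Y.Z ...)"; when the CLI and the
    # loaded libcrypto differ, the library version is the one that matters.
    case $banner in
        *"(Library: "*) banner=${banner#*"(Library: "} ;;
    esac
    product=${banner%% *}       # first word, e.g. "OpenSSL" or "LibreSSL"
    rest=${banner#* }
    version=${rest%% *}         # second word, e.g. "3.0.5" or "1.1.1s"
    if [ "$product" != "OpenSSL" ]; then
        echo "not-openssl"; return 0
    fi
    case $version in
        3.0.*) ;;                                          # checked below
        [0-9]*.[0-9]*.[0-9]*) echo "not-affected"; return 0 ;;
        *) echo "unknown"; return 0 ;;
    esac
    patch=${version#3.0.}
    patch=${patch%%[!0-9]*}     # drop suffixes such as "-dev" or "+quic"
    if [ -z "$patch" ]; then
        echo "unknown"
    elif [ "$patch" -lt 7 ]; then
        echo "affected"
    else
        echo "fixed"
    fi
}

# Constructed sample banners (not captured from real hosts).
# On a live system: classify_openssl_banner "$(openssl version)"
for sample in \
    "OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)" \
    "OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)" \
    "OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)" \
    "OpenSSL 1.1.1s  1 Nov 2022" \
    "LibreSSL 3.3.6"
do
    printf '%-12s %s\n' "$(classify_openssl_banner "$sample")" "$sample"
done
```

Distribution packages that backport the fix usually keep the older upstream version string, so an "affected" result should be confirmed against the vendor's package changelog before acting on it.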
