An urgent advisory from OpenSSL alerts users to a memory corruption flaw that leaves servers open to remote code execution. The vulnerability, CVE-2022-2274, was introduced in OpenSSL 3.0.4 and may allow attackers to execute code remotely on SSL/TLS server-side systems.
The issue is rated “high severity” by the open-source community, which urges users to update to OpenSSL 3.0.5. The flaw lies in the RSA implementation for x86_64 CPUs that support the AVX512IFMA instructions and was introduced with the release of OpenSSL 3.0.4. On such machines, RSA operations with 2048-bit private keys produce incorrect results and cause memory corruption during the computation.
As a result of that memory corruption, an attacker may be able to achieve remote code execution on the machine performing the calculation.
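The advisory describes the exposed configuration as a combination of a specific OpenSSL release and a specific CPU feature, which is something an administrator can check on each host. The following POSIX shell script is an added example and not part of the advisory or the OpenSSL project's own tooling. It parses the output of `openssl version` and the `flags` line of `/proc/cpuinfo` (Linux is assumed) and reports a host as exposed only when the version is exactly 3.0.4 and the CPU advertises `avx512ifma`; the function names, the `--live` flag and the sample strings are the example's own. It does not inspect which keys are in use, so it identifies hosts where the affected code path exists rather than proving that 2048-bit RSA operations are being performed on them.

```shell
#!/bin/sh
# Added example (not from the advisory or from OpenSSL): flags a host that
# matches the CVE-2022-2274 conditions, OpenSSL exactly 3.0.4 on an x86_64
# CPU advertising AVX512IFMA. The checks take their input as arguments so
# they can be exercised against constructed strings; pass --live to run
# them against this host.

# Return 0 (true) when the version string names the affected release, 3.0.4.
# Accepts either "OpenSSL 3.0.4 21 Jun 2022" or a bare "3.0.4".
# Releases before 3.0.4 never contained the bug; 3.0.5 carries the fix.
openssl_version_affected() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^\(OpenSSL \)\{0,1\}\([0-9][0-9.]*[a-z]*\).*/\2/p')
    [ "$ver" = "3.0.4" ]
}

# Return 0 (true) when a cpuinfo "flags" line lists the avx512ifma extension
# as a whole word (so it does not match unrelated avx512 flags).
cpu_has_avx512ifma() {
    printf '%s\n' "$1" | grep -qw 'avx512ifma'
}

# The flaw needs both conditions: a host with 3.0.4 on a CPU without
# AVX512IFMA never takes the affected RSA code path, and a fixed release on
# an AVX512IFMA CPU is not affected either.
host_exposed() {
    openssl_version_affected "$1" && cpu_has_avx512ifma "$2"
}

# Live check against this host. Assumes Linux (/proc/cpuinfo) and an
# openssl binary on PATH; missing pieces are treated as "not affected"
# rather than as errors, so the result is conservative in that direction.
if [ "${1:-}" = "--live" ]; then
    ver_line=$(openssl version 2>/dev/null || echo "unknown")
    flags_line=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null || echo "")
    if host_exposed "$ver_line" "$flags_line"; then
        echo "EXPOSED: $ver_line on an AVX512IFMA-capable CPU; upgrade to OpenSSL 3.0.5 or later"
        exit 2
    else
        echo "not exposed: $ver_line"
    fi
fi
```

Run it as `sh check-cve-2022-2274.sh --live`; a non-zero exit of 2 marks an exposed host so the script can be dropped into a fleet-wide inventory job. Because the live check only looks at the `openssl` binary on `PATH`, applications that statically link or bundle their own copy of libcrypto need to be checked separately.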