OpenSSL Releases Security Updates

Scheduled updates of OpenSSL products

Threat ID:: CC-4059
Threat Severity:: Information only
Published:: 18 March 2022 3:54 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled updates of OpenSSL products

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 1.0.2zd, all prior to 1.1.1n, all prior to 3.0.2

OpenSSL

Threat details

Introduction

OpenSSL has released a security update to address a vulnerability that could cause a denial-of-service against a process that parses externally supplied certificates. An attacker could exploit this vulnerability to take control of an affected system.

Threat updates

Date	Update
5 Apr 2022	Vendors releasing security advisories Many vendors are releasing security updates for products affected by this vulnerability. Some vendor articles can be found in the “References” section of CVE-2022-0778. Organisations should consult with suppliers to find out which of their products are vulnerable, especially in the area of networking appliances, devices, and firewalls.

Remediation advice

Affected organisations are encouraged to review the OpenSSL security advisory and apply any relevant updates.

Definitive source of threat updates

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/17/openssl-releases-security-updates

CVE Vulnerabilities

Status Published

CVE-2022-0778

Last edited: 5 April 2022 12:21 pm