Service Advisory

Please share the following update with your teams.

OpenSSL disclosed two high severity vulnerabilities - CVE-2022-3602 (buffer overflow with potential for remote code execution) and CVE-2022-3786 (buffer overflow) that could affect common configurations of OpenSSL version 3.0+. Please review the information below to help determine if you maintain any systems that could be affected. It's important that any vulnerable system upgrade to OpenSSL 3.0.7. Note that this vulnerability was originally rated Critical and has been downgraded so out-of-cycle patching is not required.

Severity level

Description

CVE-2022-3602 is an arbitrary 4-byte stack buffer overflow that could trigger crashes or lead to remote code execution (RCE), while CVE-2022-3786 can be exploited by attackers via malicious email addresses to trigger a denial of service state via a buffer overflow.

Affected Versions

Impact

Resolution

Reference

We thank you for your continued support and understanding.
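A banner triage check for the "determine if you maintain any systems that could be affected" step, as an added example that is not part of the original advisory. It assumes the affected range is upstream OpenSSL 3.0.0 through 3.0.6 (the advisory itself states only "3.0+" and the 3.0.7 fix); the function names and sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): classify `openssl version` banners
# against the release range affected by CVE-2022-3602 and CVE-2022-3786.
# Assumption: the affected range is upstream OpenSSL 3.0.0 through 3.0.6.

classify_openssl_banner() {
    banner=$1
    case $banner in
        OpenSSL\ *) ;;                       # upstream OpenSSL banner
        *) echo "not-openssl"; return 0 ;;   # e.g. LibreSSL 3.x is a different code base
    esac
    rest=${banner#OpenSSL }
    ver=${rest%% *}                          # "3.0.5", "1.1.1q", "3.0.0-beta2"
    case $ver in
        3.0.[0-6]|3.0.[0-6][!0-9]*) echo "affected-range" ;;  # 3.0.0 to 3.0.6, incl. suffixed builds
        3.0.[0-9]*)                 echo "fixed" ;;           # 3.0.7 and later 3.0.x (3.0.10 lands here)
        3.[1-9]*)                   echo "fixed" ;;           # later 3.x release lines
        [0-2].*)                    echo "not-affected" ;;    # 1.0.2 / 1.1.1 lines
        *)                          echo "unknown" ;;         # unparseable: review by hand
    esac
}

# Reads banners on stdin, one per line; prints how many fall in the affected range.
count_affected() {
    n=0
    while IFS= read -r line; do
        if [ "$(classify_openssl_banner "$line")" = "affected-range" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Constructed sample banners, in the format `openssl version` prints.
SAMPLE_BANNERS='OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
OpenSSL 3.0.7 1 Nov 2022
OpenSSL 1.1.1q  5 Jul 2022
LibreSSL 3.3.6
OpenSSL 3.0.10 1 Aug 2023'

# Stand-alone demo: print one classification per sample banner.
printf '%s\n' "$SAMPLE_BANNERS" | while IFS= read -r b; do
    printf '%-16s %s\n' "$(classify_openssl_banner "$b")" "$b"
done
```

The banner carries only the upstream release number: distributions that backport the fix keep the old number, so an "affected-range" result still needs checking against the vendor's package advisory. Statically linked or bundled copies of OpenSSL do not show up in `openssl version` at all.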