The OpenSSL version 3.0.4 encryption library, released on June 21, 2022, was found to have a high-severity security vulnerability (number CVE-2022-2274) that could cause incorrect RSA private key operation and heap memory (Heap) Memory corruption, which in some cases raises the possible risk of Remote Code Execution (RCE) attacks. A few days ago, the OpenSSL project maintainers have released an update patch to address this high-risk vulnerability.
OpenSSL, first released in 1988, is a general-purpose cryptographic library that provides open-source implementations of the SSL and TSL protocols, allowing users to generate private keys, establish Certificate Signing Requests (CSRs), and Install SSL/TLS certificates.
The latest OpenSSL security bulletin highlights that any SSL/TLS server or other server that uses a 2048-bit RSA private key (and that private key is running on a machine that supports the AVX512FMA command for the X86_64 architecture) is affected by this vulnerability.
The reason why OpenSSL’s latest security bulletin rated the severity of the vulnerability as “high” is because the vulnerability can cause memory corruption during computing, allowing hackers to take advantage of the opportunity to launch remote code execution attacks on specific machines . In any case, users should update to OpenSSL version 3.05 as soon as possible to mitigate possible potential threats and risks.
(Source of the first image: Pixabay)
New technological knowledge, updated from time to time