Patches released for 2 OpenSSL High Vulnerabilities
On Nov 1st the OpenSSL project released patches for two high-severity flaws that could trigger a denial of service or remote code execution.
CVE-2022-3786: An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the "." character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service).

CVE-2022-3602: An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution.
Affected versions: OpenSSL 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5 and 3.0.6.
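A first triage step on any host is to find out which OpenSSL build is actually in use, both the `openssl` command-line tool and the library linked into long-running runtimes such as Python. The following is an added example (not code from the original article or from the OpenSSL project) that parses `openssl version` banners and classifies them against the 3.0.0 to 3.0.6 list above; the sample banners in it are constructed for the demonstration, and the "not-listed" label only means the version is not in that list, not that it is known-safe.

```python
import re
import ssl
import subprocess
from typing import Optional, Tuple

# Releases named as affected in the advisory summary: OpenSSL 3.0.0 through 3.0.6.
AFFECTED = {(3, 0, patch) for patch in range(0, 7)}

# Matches the leading "OpenSSL X.Y.Z" of an `openssl version` banner.
# Letter suffixes such as the "q" in 1.1.1q are ignored for the comparison.
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)")


def parse_openssl_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from a banner like 'OpenSSL 3.0.5 5 Jul 2022'.

    Returns None when the text is not an OpenSSL banner (e.g. a LibreSSL build).
    """
    match = _VERSION_RE.search(banner)
    if not match:
        return None
    return int(match.group(1)), int(match.group(2)), int(match.group(3))


def is_affected(version: Tuple[int, int, int]) -> bool:
    """True when the version is one of the 3.0.0-3.0.6 releases listed as affected."""
    return version in AFFECTED


def classify_banner(banner: str) -> str:
    """Map a version banner to 'affected', 'not-listed' or 'unknown'."""
    version = parse_openssl_version(banner)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "not-listed"


def check_local_openssl() -> dict:
    """Classify both the OpenSSL linked into this interpreter and the `openssl` CLI."""
    results = {"python-ssl": classify_banner(ssl.OPENSSL_VERSION)}
    try:
        proc = subprocess.run(
            ["openssl", "version"], capture_output=True, text=True, timeout=5, check=False
        )
        results["openssl-cli"] = classify_banner(proc.stdout)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        results["openssl-cli"] = "not-found"
    return results


if __name__ == "__main__":
    # Constructed sample banners, used only to exercise the classifier offline.
    samples = [
        "OpenSSL 3.0.5 5 Jul 2022",
        "OpenSSL 1.1.1q  5 Jul 2022",
        "LibreSSL 3.3.6",
    ]
    for banner in samples:
        print(f"{banner!r}: {classify_banner(banner)}")
    print(check_local_openssl())
```

One caveat when reading the output: Linux distributions frequently backport security fixes without bumping the upstream version string, so a banner that reads 3.0.2 on a patched distribution package can be a false positive. Treat the banner check as a way to find candidates, and confirm against the package manager's changelog or the vendor's advisory before concluding a host is exposed.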
Docker estimates about 1,000 image repositories could be impacted across various Docker Official Images and Docker Verified Publisher images.
Censys has created an interactive dashboard showing (some of the) servers running a version of OpenSSL.