Vulnerability Management

High-severity OpenSSL flaw addressed

Patches have been issued to fix a high-severity security flaw in the OpenSSL cryptographic library, which could be exploited by threat actors to facilitate remote code execution, reports The Hacker News. The heap memory corruption vulnerability, tracked as CVE-2022-2274, was identified in OpenSSL version 3.0.4 and reported by Xidian University student Xi Ruoyao on June 22, a day after the vulnerable OpenSSL version was released. "SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue," said OpenSSL in an advisory. Malicious actors could leverage the "serious bug in the RSA implementation," which could trigger memory corruption, to remotely execute code on machines conducting computations, according to OpenSSL. OpenSSL users have been urged to apply the OpenSSL version 3.0.5 upgrade to prevent threats related to the vulnerability.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.