Follow

Venafi Product Security Advisory - OpenSSL Critical Vulnerability Disclosure

 

Security Bulletin Owner - Pratik Savla - pratik.savla@venafi.com

Security Issue Summary –

OpenSSL is a library used for cryptographic purposes, especially in the field of network connections.

The OpenSSL team made a pre-announcement that, on November 1, 2022, they will release OpenSSL version 3.0.7. As per them, this release will fix a critical vulnerability in OpenSSL.

As per OpenSSL, a critical severity vulnerability is one that affects common configurations, and which is also likely to be exploitable. The examples they have cited are significant disclosure of the contents of server memory (potentially revealing user details), vulnerabilities which can be easily exploited remotely to compromise server private keys or where remote code execution is considered likely in common situations.

What OpenSSL versions are vulnerable in this case?

Vulnerable -

  • OpenSSL 3.0.x

Not Vulnerable -

  • OpenSSL 1.1.1
  • OpenSSL 1.1.0
  • OpenSSL 1.0.2
  • OpenSSL 1.0.1
  • LibreSSL

Impact to Venafi Products -

Venafi R&D Team has evaluated and assessed all the supported releases of all the Venafi Products for any impact by this. No Venafi products were found to be vulnerable. This advisory will be updated with new information in the event new information becomes available.

Mitigation / Recommended Actions

No mitigation for Venafi Products is required at this time as all products are currently unaffected.

Venafi Security Advisory Status - GREEN

References

 

 

 

 

 

Was this article helpful?
1 out of 1 found this helpful

Comments