Security News > 2022 > October > Critical Vulnerability in Open SSL
There are no details yet, but it's really important that you patch Open SSL 3.x when the new version comes out on Tuesday.
How bad is "Critical"? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable.
It's likely to be abused to disclose server memory contents, and potentially reveal user details, and could be easily exploited remotely to compromise server private keys or execute code execute remotely.
In other words, pretty much everything you don't want happening on your production systems.
News URL
https://www.schneier.com/blog/archives/2022/10/critical-vulnerability-in-open-ssl.html
Related news
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
- Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability (source)
- A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (source)
- PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) (source)
- Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) (source)