OpenSSL has announced an upcoming patch for a Critical-severity vulnerability in OpenSSL versions 3.0 and above.
OpenSSL is a software library that applications use to secure communications over the internet, and it is used by the majority of internet-facing HTTPS websites.
In a statement published Tuesday, October 25, 2022, OpenSSL said it will release OpenSSL 3.0.7, a security-fix release, on Tuesday, November 1, 2022, to address a Critical-severity issue in OpenSSL.
According to OpenSSL, Critical severity vulnerabilities “affect common configurations and which are also likely to be exploitable.”
“Examples include significant disclosure of the contents of server memory (potentially revealing user details), vulnerabilities which can be easily exploited remotely to compromise server private keys or where remote code execution is considered likely in common situations,” OpenSSL noted.
Check Point researchers also warned in a blog post that “organizations are called to remain alerted and prepare to patch and update systems this coming Tuesday, November 1st.”