One Article Review
| Source |  CSO |
|---|---|
| Identifiant | 7768460 |
| Date de publication | 2022-11-01 12:46:00 (vue: 2022-11-01 20:06:31) |
| Titre | OpenSSL project patches two vulnerabilities but downgrades severity |
| Texte | The OpenSSL project released a patch for two high severity vulnerabilities in the world's most widely used cryptographic library. The project's maintainers warned users since last week to prepare for a critical patch on November 1, but the severity has since been downgraded following additional testing.Organizations should still determine which of their applications and servers are impacted and deploy the patches as soon as possible. The vulnerabilities affect all versions of OpenSSL 3.0, which has been available since last year.Buffer overflows in X.509 certificate verification The two vulnerabilities, tracked as CVE-2022-3786 and CVE-2022-3602, are buffer overflow conditions in the punycode decoding functionality that was first introduced in OpenSSL 3.0.0 in September 2021. Punycode is a system for representing Unicode characters as ASCII and is used for example to represent internationalized domain names in the DNS system. In OpenSSL the vulnerable code is used for processing email address name constraints in X.509 certificates, also commonly known as SSL/TLS certificates.To read this article in full, please click here |
| Envoyé | Oui |
| Condensat | 2021 2022 3602 3786 509 additional address affect all also applications are article ascii available been buffer but certificate certificates characters click code commonly conditions constraints critical cryptographic cve decoding deploy determine dns domain downgraded downgrades email example first following full functionality has here high impacted internationalized introduced known last library maintainers most name names november openssl organizations overflow overflows patch patches please possible prepare processing project punycode read released represent representing september servers severity should since soon ssl/tls system testing tracked two unicode used users verification versions vulnerabilities vulnerable warned week which widely world year |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.