OpenSSL High-Severity Vulnerability Could Lead to RCE
July 7, 2022
OpenSSL has released a security update to address a High-Severity vulnerability affecting OpenSSL 3.0.4.
An attacker could exploit this vulnerability to perform Remote Code Execution.
The Vulnerability
- CVE-2022-2274 (High-Severity) – a heap memory corruption in the RSA private key operation.
This issue causes the RSA implementation with 2048-bit private keys to fail on affected machines, resulting in memory corruption during the computation.
An attacker may be able to trigger a remote code execution on the machine performing the computation as a result of the memory corruption.
Affected Versions
- OpenSSL 3.0.4 (OpenSSL 1.1.1 and 1.0.2 are not affected by this issue)
Mitigation
CYREBRO recommends that users of the library update to the latest OpenSSL version – OpenSSL 3.0.5.
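As an added check (not part of the CYREBRO advisory or of OpenSSL itself), the POSIX shell script below parses the output of `openssl version` and flags the one release this advisory names as affected, so hosts still on 3.0.4 can be found before the upgrade to 3.0.5 is rolled out. The function and variable names are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the advisory: decide whether an `openssl version`
# string names the release affected by CVE-2022-2274. Per the advisory, only
# OpenSSL 3.0.4 is affected; 1.1.1 and 1.0.2 are not, and 3.0.5 carries the fix.

# is_affected_version "OpenSSL 3.0.4 21 Jun 2022"  -> exit status 0 (affected)
# is_affected_version "OpenSSL 3.0.5 5 Jul 2022"   -> exit status 1 (not affected)
is_affected_version() {
    # `openssl version` prints "OpenSSL <version> <date> ..."; take the second field.
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    case "$ver" in
        3.0.4) return 0 ;;   # the affected release named in the advisory
        *)     return 1 ;;   # every other release, including the fixed 3.0.5
    esac
}

# Check the binary installed on this host, if any. Prints a one-line verdict
# and returns 0 only when an affected build is found, so the function can be
# used as a gate in a cron job or CI step (2 means no openssl binary in PATH).
check_installed_openssl() {
    if ! command -v openssl >/dev/null 2>&1; then
        echo "openssl not found in PATH"
        return 2
    fi
    out=$(openssl version 2>/dev/null)
    if is_affected_version "$out"; then
        echo "AFFECTED: $out (CVE-2022-2274) - upgrade to OpenSSL 3.0.5"
        return 0
    fi
    echo "not affected: $out"
    return 1
}

# Usage: run the check against the local installation.
check_installed_openssl
```

The check keys on the exact version field rather than on a date or distro suffix, because the advisory scopes the issue to 3.0.4 alone; a host whose `openssl` binary is fixed but that still ships a second, statically linked copy of the library in another application will not be caught by this script and needs a package-level inventory instead.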
References: NIST Advisory, QNAP Advisory