OpenSSL Releases Security Update - November 1, 2022

Original release date: November 01, 2022

OpenSSL has released a security advisory to address two vulnerabilities, CVE-2022-3602 and CVE-2022-3786, affecting OpenSSL versions 3.0.0 through 3.0.6.

Both CVE-2022-3602 and CVE-2022-3786 can cause a denial of service. According to OpenSSL, a cyberthreat actor leveraging CVE-2022-3786, "can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buff er overflow could result in a crash (causing a denial of service) or potentially remote code execution," allowing them to take control of an affected system.

CISA encourages users and administrators to review the OpenSSL advisory , blog, OpenSSL 3.0.7announcement, and upgrade to OpenSSL 3.0.7. For additional information on aff ected products, see the 2022 OpenSSL vulnerability - CVE-2022-3602 GitHub repository , jointly maintained by the Netherland'sNational Cyber Security Centrum (NCSC-NL) and CISA.

View detailed report below. 

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi
Learn more about AHA's Cybersecurity and Risk Advisory Services

Key Resources

Related Resources

Advisory
Homeland Security Proposes New Cyber Incident Reporting Requirements
Member
Special Bulletin
UnitedHealth Group Provides Update on Data Impacted By Cyberattack
Member
Testimony
AHA House Statement on “Fiscal Year 2025 Department of Health and Human Services Budget”
Public
Testimony
AHA Testimony for Energy and Commerce Subcommittee Hearing on Cybersecurity
Infographics
H-ISAC TLP GREEN: Daily Cyber Headlines - April 8, 2024
Member
Other Resources
RWJ Barnabas Improves IoT Security Without Care Disruption