• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
openssl releases patch for high severity bug that could lead to

OpenSSL Releases Patch for High-Severity Bug that Could Lead to RCE Attacks

You are here: Home / General Cyber Security News / OpenSSL Releases Patch for High-Severity Bug that Could Lead to RCE Attacks
July 6, 2022

The maintainers of the OpenSSL venture have launched patches to deal with a significant-severity bug in the cryptographic library that could likely guide to remote code execution below specified scenarios.

The issue, now assigned the identifier CVE-2022-2274, has been explained as a circumstance of heap memory corruption with RSA private crucial procedure that was released in OpenSSL model 3..4 unveiled on June 21, 2022.

1st released in 1998, OpenSSL is a normal-reason cryptography library that presents open-supply implementation of the Protected Sockets Layer (SSL) and Transportation Layer Security (TLS) protocols, enabling consumers to generate non-public keys, generate certificate signing requests (CSRs), install SSL/TLS certificates.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


CyberSecurity

“SSL/TLS servers or other servers employing 2048 bit RSA non-public keys managing on machines supporting AVX512IFMA directions of the X86_64 architecture are influenced by this issue,” the advisory famous.

Calling it a “severe bug in the RSA implementation,” the maintainers stated the flaw could lead to memory corruption throughout computation that could be weaponized by an attacker to induce remote code execution on the machine undertaking the computation.

Xi Ruoyao, a Ph.D. pupil at Xidian University, has been credited with reporting the flaw to OpenSSL on June 22, 2022. Consumers of the library are recommended to improve to OpenSSL model 3..5 to mitigate any potential threats.

Uncovered this short article intriguing? Follow THN on Fb, Twitter  and LinkedIn to examine additional exceptional material we publish.


Some sections of this short article are sourced from:
thehackernews.com

Previous Post: «introducing ibm security qradar xdr Introducing IBM Security QRadar XDR
Next Post: Solve cyber resilience challenges with storage solutions solve cyber resilience challenges with storage solutions»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors
  • Top 10 Best Practices for Effective Data Protection
  • Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks
  • Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks
  • [Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications
  • Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit
  • Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails
  • Pen Testing for Compliance Only? It’s Time to Change Your Approach
  • 5 BCDR Essentials for Effective Ransomware Defense
  • Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

Copyright © TheCyberSecurity.News, All Rights Reserved.