On the basis of the critical level assigned by the OpenSSL team, we can assume that the vulnerability can be easily exploited and involves data leakage or remote code execution. It is therefore extremely important that organizations act swiftly to determine whether they use the affected OpenSSL version and whether they are exposed to the vulnerability.

Impact of the Vulnerability

According to the announcement, the vulnerability affects only the newer versions of OpenSSL, V3.0 and higher. It is hard to predict the potential damage and risk of this vulnerability to the organization. What we do know is that, despite being the most recent version of OpenSSL, which was released one year ago, OpenSSL V3.0 is far less ubiquitous than OpenSSL V1.0.

We can split the impact into different categories: OS distributions, containers, web applications and any other application that uses an embedded OpenSSL library.

OpenSSL V3.0 has been incorporated into Linux operating systems such as Ubuntu 22.04 LTS, macOS Ventura, Fedora 36, and others. It should be noted, however, that most of these Linux distributions include OpenSSL 3.0 and above only in their most recent OS releases. These versions are considered testing versions, so they may not be widely used in production systems.

The Docker Official container images for popular projects like Redis and httpd are unaffected. In addition, many Docker Official images still use OpenSSL V1.x and are not affected.

In terms of web applications, the adoption of OpenSSL V3.0 is very slow. On the other hand, NodeJS’s latest version is vulnerable.

If you develop proprietary software in your organization, you should also check whether your code uses the vulnerable OpenSSL version.
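One way to run that check on compiled artifacts, as an added example that is not from the original article: OpenSSL builds carry a version banner that survives static linking, so scanning a file's bytes for it shows which release the file embeds. The function names and sample byte strings are constructed for illustration, and the affected/unaffected split uses only the article's criterion (V3.0 and higher versus V1.x).

```python
import re
import sys
from pathlib import Path

# Version banner compiled into libcrypto, e.g. b"OpenSSL 3.0.5 5 Jul 2022".
# It survives static linking, so it is present in binaries that embed OpenSSL.
BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)")

def embedded_openssl_versions(blob):
    """Return the distinct OpenSSL versions whose banner appears in blob."""
    found = set()
    for m in BANNER.finditer(blob):
        major, minor, patch, letter = (g.decode() for g in m.groups())
        found.add(f"{major}.{minor}.{patch}{letter}")
    return sorted(found)

def in_affected_line(version):
    """Article's criterion: V3.0 and higher is affected, V1.x is not."""
    return int(version.split(".")[0]) >= 3

def triage(name, blob):
    """Summarise one file: which versions it embeds and whether to follow up."""
    versions = embedded_openssl_versions(blob)
    return {
        "file": name,
        "versions": versions,
        "needs_review": any(in_affected_line(v) for v in versions),
    }

# Constructed sample inputs (not real binaries): banner bytes surrounded by filler.
SAMPLE_STATIC_V3 = b"\x7fELF\x02\x01\x00filler\x00OpenSSL 3.0.5 5 Jul 2022\x00filler"
SAMPLE_LEGACY_V1 = b"\x7fELF\x02\x01\x00filler\x00OpenSSL 1.1.1n  15 Mar 2022\x00"
SAMPLE_NO_TLS = b"\x7fELF\x02\x01\x00no crypto library linked here\x00"

if __name__ == "__main__":
    # With arguments: scan those files. Without: run on the constructed samples.
    if sys.argv[1:]:
        inputs = [(p, Path(p).read_bytes()) for p in sys.argv[1:]]
    else:
        inputs = [("sample-v3", SAMPLE_STATIC_V3), ("sample-v1", SAMPLE_LEGACY_V1),
                  ("sample-none", SAMPLE_NO_TLS)]
    for name, blob in inputs:
        print(triage(name, blob))
```

A hit means the file carries an OpenSSL build of that version, not that the vulnerable code is reachable; dynamically linked programs need the same scan run on the libssl and libcrypto files they load.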