OpenSSL v3 X.509 Email Address Buffer Overflows (CVE-2022-3786 and CVE-2022-3602)
2022-11-01 11:00 UTC
Last week the OpenSSL Project announced that it would release OpenSSL v3.0.7 on November 1st, highlighting that this release would be a security fix for a critical vulnerability of the highest severity. Upon release of the fix and the advisory, the OpenSSL Project downgraded CVE-2022-3602 from critical to high severity. CVE-2022-3786 was already rated as high. Further information is available at the OpenSSL Blog.
We would like to assure you that Barracuda WAF-as-a-Service is not vulnerable to this issue because it does not use any affected versions of OpenSSL (v3.0.0 through v3.0.6).
We would also like to highlight that WAF-as-a-Service will protect any of your backend workload servers that may be running a vulnerable version of OpenSSL v3.
We will update this article with further information as it becomes available.
Last updated 2022-11-01 17:27 UTC+0