CVE-2022-2602 / CVE-2022-3768, Critical High vulnerabilities in OpenSSL 3.0
Last updated: 2022/11/01 04:51:25 UTC - best effort, validate all for your environment/model before use, unofficial sources may be wrong
by @TychoTithonus (Royce Williams) and many contributors
You can make contributions on GitHub
Status
All information is currently staged in a Google Sheet, with these tabs:
- Overview - main info: key updates, scope / impact / severity, links to tech analysis, detection / inventory, mitigation / remediation, exploitation (all tentative pre-announcement)
- OS-pkg - OSes, frameworks, and package systems
- Products - KB links, blog posts, and deduction of 3.x from previous CVE responses
- Orgs - Orgs / vendors / projects, with org-wide blog posts, roll-up / multi-product advisories, etc.
- Other SSLs - lists of other SSL projects and their status (assumed or confirmed)
- Older 3.x CVEs - If your vendor hasn't provided a reference or statement yet, you may be able to infer the presence of 3.0.x from these
Follow @techsolvency for security-only updates, or @TychoTithonus (me) for general/personal (and password cracking / hashcat stuff)