34.Key AbstractDigital

The OpenSSL Project team has announced that, on November 1, 2022, they will release OpenSSL version 3.0.7, which will fix a critical vulnerability in the popular open-source cryptographic library (but does not affect OpenSSL versions before 3.0).

According to the team’s own risk classification, critical vulnerabilities in OpenSSL are those that affect common configurations and are likely to be exploitable.

“Examples include significant disclosure of the contents of server memory (potentially revealing user details), vulnerabilities which can be easily exploited remotely to compromise server private keys or where remote code execution is considered likely in common situations,” they say.