Security Alerts

  • Home
  • Security Alerts

OpenSSL Releases Patch for High-Severity Bug that Could Lead to RCE Attacks

The maintainers of the OpenSSL project have released patches to address a high-severity bug in the cryptographic library that could potentially lead to remote code execution under certain scenarios. The issue, now assigned the identifier CVE-2022-2274, has been described as a case of heap memory corruption with RSA private key operation that was introduced in OpenSSL version 3.0.4 released on June 21, 2022. First released in 1998, OpenSSL is a general-purpose cryptography library that offers open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, enabling users to generate private keys, create certificate signing requests (CSRs), install SSL/TLS certificates.