OpenSSL 3.0.7 Patches Two Critical X.509 Verification Vulnerabilities
OpenSSL has released version 3.0.7 to address two critical vulnerabilities in its X.509 certificate verification process. The update comes after a pre-announcement to help organizations prepare their response. Despite the potential severity, no remote code execution exploits are currently available.
The vulnerabilities, initially feared to be as severe as Heartbleed, were later split into two CVEs (CVE-2022-3786 and CVE-2022-3602). Both lie in the name constraint checking performed during X.509 certificate verification. Exploiting them requires either that a certificate authority (CA) has signed the malicious certificate, or that the application keeps going despite a failed chain validation, contrary to security best practice.
The OpenSSL 3.0 series, the branch that 3.0.7 patches, has been available for about 14 months but has seen limited adoption. Currently, only 10% of organizations (around 1.5K) and less than 0.1% of servers are running a vulnerable version of OpenSSL 3.0. However, 82% of all OpenSSL instances are end-of-life (EOL) or end-of-support (EOS), with over 200 vulnerabilities identified across various versions.
While the current impact is limited, the potential severity of these vulnerabilities cannot be overlooked. Organizations are urged to update to OpenSSL 3.0.7 to ensure their systems are secure. The lack of immediate exploits does not diminish the importance of prompt action.
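The adoption figures above are really an inventory problem: before patching, a team has to know which hosts run a 3.0.0 through 3.0.6 build. The following triage helper is an added example, not code from OpenSSL or from the article; it parses `openssl version` banners (constructed sample values below) and classifies each host against the range fixed in 3.0.7, preferring the "(Library: ...)" string when the CLI and the linked library differ.

```python
import re

# CVE-2022-3602 / CVE-2022-3786 affect the 3.0 series from 3.0.0 up to,
# but not including, 3.0.7 (per the OpenSSL 3.0.7 release).
AFFECTED_MIN = (3, 0, 0)
FIXED_IN = (3, 0, 7)

# Matches "OpenSSL 3.0.6" and letter-suffixed 1.x builds such as "OpenSSL 1.1.1q".
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(banner: str) -> tuple:
    """Return (major, minor, patch) from the output of `openssl version`.

    A "(Library: OpenSSL ...)" suffix names the shared library actually
    loaded at runtime, so it takes precedence over the version the CLI
    binary was compiled against.
    """
    lib = re.search(r"\(Library:\s*(OpenSSL[^)]*)\)", banner)
    target = lib.group(1) if lib else banner
    m = _VERSION_RE.search(target)
    if not m:
        raise ValueError(f"unrecognised OpenSSL banner: {banner!r}")
    return tuple(int(x) for x in m.groups()[:3])


def classify(banner: str) -> str:
    """'affected' (3.0.0-3.0.6), 'patched' (>= 3.0.7) or 'unaffected-branch' (< 3.0)."""
    v = parse_version(banner)
    if AFFECTED_MIN <= v < FIXED_IN:
        return "affected"
    if v >= FIXED_IN:
        return "patched"
    return "unaffected-branch"  # 1.x builds are outside the scope of these two CVEs


def triage(inventory: dict) -> dict:
    """Group hosts by status; banners that cannot be parsed land in 'unknown'."""
    buckets = {"affected": [], "patched": [], "unaffected-branch": [], "unknown": []}
    for host, banner in inventory.items():
        try:
            buckets[classify(banner)].append(host)
        except ValueError:
            buckets["unknown"].append(host)
    return buckets


# Constructed sample inventory (hostname -> `openssl version` output); not real hosts.
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 3.0.6 11 Oct 2022",
    "web-02": "OpenSSL 3.0.7 1 Nov 2022",
    "db-01": "OpenSSL 1.1.1q  5 Jul 2022",
    "app-03": "OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)",
    "legacy-09": "command not found",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:17s} {hosts}")
```

Run it against real `openssl version` output collected from your fleet; the "app-03" case shows why the library string, not the CLI banner, decides the status.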