Skip to content

Operational information about the recently announced vulnerability in OpenSSL 3

License

Notifications You must be signed in to change notification settings

MaxGroot/OpenSSL-2022

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

2022 OpenSSL vulnerability - CVE-2022-3602/CVE-2022-3786

Spooky SSL

This repo contains operational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL 3.0.0-3.0.6. For more information see:

What is OpenSSL and what is it used for?

OpenSSL is a library used for cryptographic purposes, especially in the field of network connections. For example, web servers often use OpenSSL to establish encrypted HTTPS connections. Mail servers and VPN protocols such as OpenVPN also use OpenSSL to establish encrypted communication channels. The library can be found in a broad array of products, including network devices, embedded systems and container images.

What products are vulnerable?

The vulnerability is present in products using OpenSSL 3.0.0-3.0.6. Products that use OpenSSL 1.0.2 or 1.1.1 are not affected.

Currently no complete overview of vulnerable products is available. Please see software/README.md for a list of products that are known to be vulnerable. The list is a work in progress. For more information about specific products, please refer to your supplier.

The product I use is vulnerable to this issue. What should I do?

For up-to-date information about patches and mitigations, please refer to your product vendor.

IoCs and Detection

There are currently no known IoCs that indicate exploitation of this vulnerability. IoCs will be shared - when possible - through this repository. For network detection rules please see iocs_detection/README.md.

Hall of fame

We would like to thank every single one that provided source information or whom contributed to our GitHub page.

Below we present a very incomplete list of contributants or sources we consider the repository's hall of fame:

About

Operational information about the recently announced vulnerability in OpenSSL 3

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published