"OpenSSL Releases Patch for High-Severity Bug that Could Lead to RCE Attacks"
The OpenSSL project's maintainers have released patches to address a high-severity bug in the cryptographic library that could lead to Remote Code Execution (RCE) in certain scenarios. The vulnerability, now known as CVE-2022-2274, has been described as a case of heap memory corruption in the RSA private key operation. The bug was introduced in OpenSSL version 3.0.4, which was released on June 21, 2022. The maintainers described the flaw as a "serious bug in the RSA implementation," saying it could lead to memory corruption during computation, which an attacker could use to trigger RCE on the machine performing the computation. This article continues to discuss the RCE bug fixed by OpenSSL.
THN reports "OpenSSL Releases Patch for High-Severity Bug that Could Lead to RCE Attacks"