Reference: CERTFR-2023-AVI-0882
Risk: Data Confidentiality Breach
Affected Systems:
- OpenSSL versions 3.0.x prior to 3.0.12
- OpenSSL versions 3.1.x prior to 3.1.4
Summary: A vulnerability has been identified in OpenSSL, enabling an attacker to compromise data confidentiality.
Recommendations: Users of affected OpenSSL versions are strongly advised to take the following actions:
- Update OpenSSL: Ensure that OpenSSL is updated to version 3.0.12 or later for versions 3.0.x and version 3.1.4 or later for versions 3.1.x.
- Refer to Security Bulletin: For detailed information and patches, refer to the official security bulletin released by OpenSSL on October 24, 2023.
Documentation: Security Bulletin OpenSSL October 24, 2023
CVE Reference: CVE-2023-5363