Security Advisory – Vulnerability in OpenSSL

Reference: CERTFR-2023-AVI-0882

Risk: Data Confidentiality Breach

Affected Systems:

  • OpenSSL versions 3.0.x prior to 3.0.12
  • OpenSSL versions 3.1.x prior to 3.1.4

Summary: A vulnerability has been identified in OpenSSL, enabling an attacker to compromise data confidentiality.

Recommendations: Users of affected OpenSSL versions are strongly advised to take the following actions:

  1. Update OpenSSL: Update to version 3.0.12 or later on the 3.0.x branch, and to version 3.1.4 or later on the 3.1.x branch.
  2. Refer to Security Bulletin: For detailed information and patches, refer to the official security bulletin released by OpenSSL on October 24, 2023.
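
To check a host against the version ranges listed above, the following added example (not part of the advisory or of OpenSSL) classifies the text printed by `openssl version`. The function names, result labels and sample banners are assumptions made for illustration.

```python
import re

# Fixed patch level per branch, taken from the advisory's "Affected Systems" list.
FIXED = {(3, 0): 12, (3, 1): 4}
_VERSION = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)")

# Constructed sample banners in the style of `openssl version` output.
SAMPLES = [
    "OpenSSL 3.0.11 19 Sep 2023 (Library: OpenSSL 3.0.11 19 Sep 2023)",
    "OpenSSL 3.1.4 24 Oct 2023 (Library: OpenSSL 3.1.4 24 Oct 2023)",
    "OpenSSL 3.0.12 24 Oct 2023 (Library: OpenSSL 3.0.10 1 Aug 2023)",
    "OpenSSL 1.1.1w  11 Sep 2023",
]


def library_version(banner):
    """Return (major, minor, patch) parsed from a version banner, or None.

    When the banner has a "(Library: ...)" part, that version is used,
    because the loaded library can differ from the command-line binary
    and the library is what applications actually link against.
    """
    lib = re.search(r"\(Library:\s*([^)]*)\)", banner)
    match = _VERSION.search(lib.group(1) if lib else banner)
    return tuple(int(p) for p in match.groups()) if match else None


def classify(banner):
    """Return 'affected', 'fixed', 'not listed' or 'unparsed'."""
    version = library_version(banner)
    if version is None:
        return "unparsed"
    major, minor, patch = version
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "not listed"  # branch is outside the advisory's ranges
    return "affected" if patch < fixed_patch else "fixed"


if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{classify(banner):10}  {banner}")
```

Distribution packages can carry a backported fix under an older upstream version string, so an "affected" result is a prompt to check the package changelog for CVE-2023-5363 before concluding the host is unpatched.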

Documentation: Security Bulletin OpenSSL October 24, 2023

CVE Reference: CVE-2023-5363