New versions of OpenSSL fix several vulnerabilities, including one high-severity bug that could lead to memory disclosure.
OpenSSL 3.0.7 fixes two high-risk buffer overflows in Punycode decoding (CVE-2022-3786 and CVE-2022-3602), one of which can lead to remote code execution.
OpenSSL will patch a critical security flaw in version 3.0.x on Nov. 1, though details of the bug are still private.
A remotely exploitable memory corruption bug has been identified in OpenSSL 3.0.4 on x64 systems with the AVX512 instruction set.
OpenSSL has fixed a high-risk denial-of-service vulnerability in several versions of the software.