
Security Advisory – OpenSSL High Vulnerabilities (CVE-2022-3786 and CVE-2022-3602) - November 02, 2022


Overview

On November 1st, OpenSSL version 3.0.7 was released to address two high-severity buffer overflow vulnerabilities (CVE-2022-3602 and CVE-2022-3786) impacting versions 3.0.0 through 3.0.6.

Exploiting these vulnerabilities may allow an attacker to craft a malicious email address and subsequently cause a denial of service.

Ex Libris products are not affected by these vulnerabilities.

 

References

  • https://www.openssl.org/news/vulnerabilities.html

  • https://nvd.nist.gov/vuln/detail/CVE-2022-3602

  • https://www.bleepingcomputer.com/news/security/openssl-fixes-two-high-severity-vulnerabilities-what-you-need-to-know/

  • https://blog.checkpoint.com/2022/11/01/openssl-vulnerability-cve-2022-3602-remote-code-execution-and-cve-2022-3786-denial-of-service-check-point-research-update/

 

Effective Security Severity Level

High

 

Affected Systems

Ex Libris products are not affected by these vulnerabilities.

 

Tests and Certifications

Ex Libris products are being tested to confirm that they are not affected by these vulnerabilities.

 

Actions Taken for Hosted (Cloud) Systems

Ex Libris products are not affected by these vulnerabilities. Based on vendor recommendations, Ex Libris will deploy any additional protection in our cloud data centers to further protect our systems from these vulnerabilities.

 

Required Actions for On-Premises / Local Systems

Ex Libris products are not affected by these vulnerabilities.

 

Exploitation and Public Announcements

The Ex Libris Security Incident Response Team (SIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory in the context of Ex Libris products.

 

Record of Changes

Type of information: Document Data

Document Title: Security Advisory – OpenSSL High Vulnerabilities (CVE-2022-3786 and CVE-2022-3602) - November 02, 2022

Document Owner: Eddie Lavian - Ex Libris Cyber Security Specialist

Approved by: Tomer Shemesh - Ex Libris Chief Information Security Officer

Issued: November 02, 2022

Reviewed & Revised: November 02, 2022

 

Revision Control

Version Number: 1.0

Nature of Change: Initial version

Date Approved: November 02, 2022

 

Document Distribution and Review

The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated regularly or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver.
