OpenSSL Ships Patch for High-Severity Flaws
The OpenSSL maintainers slapped a high-severity rating on the flaw but noted that the vulnerability is most likely to affect only applications that have implemented their own functionality for retrieving CRLs over a network. ... The most serious of the bugs, a type confusion issue tracked as CVE-2023-0286, may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or launch denial-of-service exploits. CVEs: CVE-2022-4304, CVE-2023-0286, CVE-2022-4203 [View Article](https://www.securityweek.com/openssl-ships-patch-for-high-severity-flaws/)