OpenSSL 3.0.4 Buffer Overflow in AVX512 code, fixed in 3.0.5

Post by artemis

If your processor doesn't support AVX512, this doesn't affect you. I know mine doesn't! Win for sticking to old hardware. See https://en.wikipedia.org/wiki/AVX-512#CPUs_with_AVX-512 ; it is basically only AMD Zen 4 and Intel Cannon Lake and newer.

Basically, there is a bug in the code that uses AVX512 instructions that can easily cause a buffer overflow, and buffer overflows have a long history of being turned into bigger security problems. If you use OpenSSL 3.0.4, time to upgrade to 3.0.5, if your CPU does AVX512. But don't worry, you probably have not been "pwned" from this.

Here is the CVE: https://www.cve.org/CVERecord?id=CVE-2022-2274
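The two conditions from the post (OpenSSL exactly 3.0.4, and a CPU with AVX512) can be checked with a short script. This is an added example, not part of the original post; the function names are hypothetical, it assumes a Linux host with /proc/cpuinfo, and it treats any `avx512*` CPU flag as "does AVX512".

```shell
#!/bin/sh
# Added example: classify exposure to CVE-2022-2274 from two strings,
# the output of `openssl version` and the CPU flags line.

# True only for version 3.0.4 (the trailing space rejects e.g. 3.0.40).
openssl_is_304() {
    case "$1" in
        "OpenSSL 3.0.4 "*|"OpenSSL 3.0.4") return 0 ;;
        *) return 1 ;;
    esac
}

# True if any whitespace-separated CPU flag starts with "avx512".
cpu_has_avx512() {
    for flag in $1; do
        case "$flag" in
            avx512*) return 0 ;;
        esac
    done
    return 1
}

# classify "<openssl version output>" "<cpu flags>"
classify() {
    if [ -z "$1" ]; then
        echo "openssl-not-found"
    elif ! openssl_is_304 "$1"; then
        echo "not-affected-version"
    elif cpu_has_avx512 "$2"; then
        echo "upgrade-to-3.0.5"
    else
        echo "affected-version-no-avx512"
    fi
}

# Gather both inputs from the running host (Linux assumed).
check_host() {
    ver=$(openssl version 2>/dev/null) || ver=""
    flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2)
    classify "$ver" "$flags"
}

# Run against this machine only when asked: sh check.sh --host
if [ "${1:-}" = "--host" ]; then check_host; fi
```

This checks only the `openssl` binary on the PATH; applications that bundle or statically link their own OpenSSL need to be checked separately.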