
OpenSSL 3.0.4 Buffer Overflow in AVX512 code, fixed in 3.0.5

Posted: Thu Jul 07, 2022 7:23 am
by artemis

If your processor doesn't support AVX512, this doesn't affect you. I know mine doesn't! Win for sticking to old hardware. See https://en.wikipedia.org/wiki/AVX-512#CPUs_with_AVX-512, it is basically only AMD Zen 4 and Intel Cannon Lake and newer.

Basically, there is a bug in the code that uses AVX512 instructions that can easily cause a buffer overflow, and buffer overflows have a long history of being turned into bigger security problems. If you use OpenSSL 3.0.4, time to upgrade to 3.0.5, if your CPU does AVX512. But don't worry, you probably have not been "pwned" from this.

Here is the CVE: https://www.cve.org/CVERecord?id=CVE-2022-2274
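
A host check for the condition the post describes (OpenSSL 3.0.4 together with a CPU that advertises AVX512), as an added example that is not part of the original post. It assumes Linux (`/proc/cpuinfo`) and the `openssl` CLI on PATH; the function names and result labels are hypothetical.

```shell
#!/bin/sh
# Added example: exposure check for CVE-2022-2274 as described in the post.
# Result labels: "upgrade", "ok-version", "ok-cpu" (hypothetical names).

# Succeeds if the given `openssl version` output reports exactly 3.0.4.
is_openssl_304() {
    case "$1" in
        "OpenSSL 3.0.4"|"OpenSSL 3.0.4 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if the given cpuinfo text has a flags line listing any avx512* feature.
has_avx512() {
    printf '%s\n' "$1" | grep -Eq '^flags[[:space:]]*:.*[[:space:]]avx512'
}

# classify VERSION_STRING CPUINFO_TEXT -> prints one result label.
classify() {
    if ! is_openssl_304 "$1"; then
        echo "ok-version"      # not the 3.0.4 release
    elif has_avx512 "$2"; then
        echo "upgrade"         # 3.0.4 on an AVX512 CPU: move to 3.0.5
    else
        echo "ok-cpu"          # 3.0.4, but the CPU lacks AVX512
    fi
}

# Gather the two inputs from the running host and classify them.
check_host() {
    ver=$(openssl version 2>/dev/null) || ver="unknown"
    cpu=$(cat /proc/cpuinfo 2>/dev/null) || cpu=""
    classify "$ver" "$cpu"
}

# Run against the live system only when asked to: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    check_host
fi
```

This only inspects the library behind the `openssl` command; applications that bundle their own OpenSSL copy need their version checked separately.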