The OpenSSL Project today released new versions of its library that fix two vulnerabilities.
| Severity | CVE | Affected version | Description |
|---|---|---|---|
| High | CVE-2022-2274 | 3.0.4 | The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for x86_64 CPUs supporting the AVX512IFMA instructions. |
| Less severe (see below) | CVE-2022-2097 | (not listed) | AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. |
The vulnerabilities are fixed in the latest release, 3.0.5 or 1.1.1q, depending on which version of OpenSSL you are currently using.
The advisory for CVE-2022-2274 states that, if exploited successfully, attackers can trigger remote code execution (RCE) on the machine performing the computation. For the less severe vulnerability, CVE-2022-2097, the missing encryption could leave part of the data in plaintext. OpenSSL gives further detail in its vulnerability news section.
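To turn the fixed-version numbers above into a quick local check, here is an added example (not from the original post or the OpenSSL project) that classifies an `openssl version` string as patched, vulnerable, or not covered by this advisory; the function name and exit-status convention are assumptions of this example.

```shell
#!/bin/sh
# Added example: is a reported OpenSSL version already fixed for
# CVE-2022-2274 / CVE-2022-2097? Patched means 3.0.5 or later on the
# 3.0 branch, or 1.1.1q or later on the 1.1.1 branch.
# Exit status (assumed convention): 0 = patched, 1 = vulnerable,
# 2 = branch not covered by this advisory (e.g. LibreSSL, OpenSSL 1.0.x).

openssl_is_patched() {
    # Keep only the version token: "OpenSSL 3.0.4 21 Jun 2022" -> "3.0.4".
    v=$(printf '%s\n' "$1" | sed -n 's/^[Oo]pen[Ss][Ss][Ll] *\([0-9][0-9A-Za-z.]*\).*/\1/p')
    [ -n "$v" ] || v="$1"

    case "$v" in
        3.0.*)
            patch=${v#3.0.}
            patch=${patch%%[!0-9]*}          # strip suffixes such as "-dev"
            [ -n "$patch" ] || return 1
            [ "$patch" -ge 5 ] && return 0 || return 1
            ;;
        1.1.1*)
            letter=${v#1.1.1}
            letter=${letter%%[!a-z]*}        # letter release, e.g. "q"
            # No letter (plain 1.1.1) or a letter before "q" is unpatched;
            # letters are listed explicitly so locale collation cannot bite.
            case "$letter" in
                q|r|s|t|u|v|w|x|y|z) return 0 ;;
                *)                   return 1 ;;
            esac
            ;;
        *)
            return 2
            ;;
    esac
}

# Stand-alone use: classify the locally installed OpenSSL, if any.
if command -v openssl >/dev/null 2>&1; then
    installed=$(openssl version)
    rc=0
    openssl_is_patched "$installed" || rc=$?
    case $rc in
        0) echo "patched:     $installed" ;;
        1) echo "VULNERABLE:  $installed (upgrade to 3.0.5 / 1.1.1q or later)" ;;
        *) echo "not covered: $installed" ;;
    esac
fi
```

Note that a distribution may backport the fix without bumping the upstream version string, so treat a "VULNERABLE" result as a prompt to check the package changelog, not as proof.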