The OpenSSL Project has informed users that an upcoming update will patch a critical vulnerability in the open source cryptography and secure communication toolkit.
OpenSSL version 3.0.7 is scheduled for Tuesday, November 1, between 13:00 and 17:00 UTC. No details have been provided, but it has been described as a ‘security-fix release’ that will include a patch for a vulnerability rated ‘critical’.
The issue does not appear to impact OpenSSL versions prior to 3.0.
This is the first critical vulnerability patched in OpenSSL since September 2016, and only the second flaw to be officially assigned a ‘critical’ severity rating.
[ READ: Evolution of OpenSSL Security After Heartbleed ]
In addition to the 3.0.7 release, the OpenSSL Project is also preparing version 1.1.1s, which is a bug fix release scheduled for the same day.
The OpenSSL Project started assigning severity ratings to vulnerabilities in 2014, when the notorious Heartbleed vulnerability came to light. Since the disclosure of Heartbleed, OpenSSL security has evolved significantly.
Roughly a dozen high-severity issues were discovered between 2014 and 2017. Then, no other high-severity vulnerabilities were identified until 2020, when two bugs were assigned this rating. Three high-severity issues were found in 2021 and two in 2022.
Related: Three New Vulnerabilities Patched in OpenSSL
Related: OpenSSL Vulnerability Can Be Exploited to Change Application Data
Related: High-Severity DoS Vulnerability Patched in OpenSSL
Related: OpenSSL Patches Remote Code Execution Vulnerability
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Zyxel Firewalls Hacked by Mirai Botnet
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
- Drop in Insider Breaches Drives Decline in Intrusions at OT Organizations
- Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances
- OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers
- New Honeywell OT Cybersecurity Solution Helps Identify Vulnerabilities, Threats
- Rheinmetall Says Military Business Not Impacted by Ransomware Attack
- Dish Ransomware Attack Impacted Nearly 300,000 People
Latest News
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
- Security Pros: Before You Do Anything, Understand Your Threat Landscape

