Papirfly’s response to OpenSSL 3.x vulnerability
November 1, 2022 at 15:00 UTC
Introduction
Details of a critical vulnerability in OpenSSL will be published on 1st November 2022 between 1300 and 1700 UTC [1]. The vulnerability only affects version 3.x of OpenSSL.
OpenSSL is a widely used library for encrypting network traffic. OpenSSL rates the vulnerability as critical [2]. Papirfly has no more information about the vulnerability than what OpenSSL itself has published.
What we have done
- Reviewed all Pairfly services available on the public Internet to find any potential usage of OpenSSL 3.x
- Prepared to patch any services that may be vulnerable
- Prepared to take any services offline until they are patched, if they are determined to be vulnerable
What we have found
- None of our services use OpenSSL 3.x
What we are doing
- Waiting for OpenSSL to publish details of the vulnerability
References