First published: 4th November 2022
Last updated: 4th November 2022
Two vulnerabilities have been found in the implementation of OpenSSL. This affects the following supported DriveLock products (supported by the time this bulletin was created):
The detected vulnerabilities (CVE-2022-3602 and CVE-2022-3786) in OpenSSL allow execution of arbitrary code using a buffer overrun which can be triggered in X.509 certificate verification, specifically in name constraint checking.
Drivelock cannot be targeted using these exploits.
Customers do not need to update their environment.
Nevertheless we always recommend to use the latest available version.