Security Bulletin #22-005 - OpenSSL 3.0 external library vulnerability

First published: 4th November 2022
Last updated: 4th November 2022
Severity: None


Two vulnerabilities have been found in the implementation of OpenSSL. This affects the following supported DriveLock products (supported by the time this bulletin was created):

  • No DriveLock product is affected


The detected vulnerabilities (CVE-2022-3602 and CVE-2022-3786) in OpenSSL allow execution of arbitrary code using a buffer overrun which can be triggered in X.509 certificate verification, specifically in name constraint checking.



Drivelock cannot be targeted using these exploits.

How to update your environment

Customers do not need to update their environment.
Nevertheless we always recommend to use the latest available version.