Security Notice regarding OpenSSL 3 Patch Vulnerability CVE-2022-3602, CVE-2022-3786
On November 1st, 2022, the OpenSSL Project disclosed CVE-2022-3602 and CVE-2022-3786 – potentially critical severity vulnerabilities present in OpenSSL 3.0.x.
For DTEN Android-based products (ME, ME Pro, ON, ONboard, GO, & Mate Controllers), the operating system does not install the OpenSSL application by default, and the OpenSSL library integrated into DTEN's application, the latest official version, is also used.
To date, no DTEN Android-based products are impacted by CVE-2022-3602 or CVE-2022-3786. Regardless, DTEN Android-based products will consume 3.0.7 fixes as a precautionary measure in upcoming releases.
Note that the original ‘forthcoming release announcement’ provided by the OpenSSL Project had described CVE-2022-3602 and CVE-2022-3786 as a single vulnerability of ‘Critical’ severity; it has now been downgraded to ‘High’ and split into two separate vulnerabilities.
Scope of vulnerability
DTEN has verified that none of DTEN’s product versions are affected by this vulnerability.
If you have additional questions, please contact DTEN Support at firstname.lastname@example.org
Article is closed for comments.