On November 1, 2022, the OpenSSL Project announced the following vulnerabilities, lowering its initial assessment from critical to high impact:
- CVE-2022-3602 – X.509 Email Address 4-byte Buffer Overflow
- CVE-2022-3786 – X.509 Email Address Variable Length Buffer Overflow
Esri has already received customer requests about the applicability of these vulnerabilities, and they are receiving significant media attention; therefore, we have published this announcement.
Esri is inventorying its products and systems potentially impacted by these vulnerabilities. OpenSSL 3.x is not widely utilized in Esri products and online services. If a product is impacted, information will be added here.
For the current OpenSSL Project communication on this issue, see the OpenSSL Security Advisory.
- Esri Software Security & Privacy