Closed blshkv closed 1 year ago
Thanks. This will require updating nassl's "modern" OpenSSL to the latest 1.1.1 version. The "legacy" OpenSSL will stay vulnerable tho, as it needs to stay on 1.0.2e for SSLyze to be able to test specific issues.
Fix released as part of v5.0.0.
https://security.paloaltonetworks.com/CVE-2022-0778 https://github.com/PeterMosmans/openssl/pull/56