OpenSSL Scan Results (3.0.0 - 3.0.6) Two HIGH-severity vulnerabilities have been announced by the OpenSSL project on 2022-11-01, referenced at https://www.openssl.org/news/vulnerabilities.html, affecting OpenSSL 3.0.0 through 3.0.6

These include

This Analysis attempts to identify products that utilize the affected OpenSSL versions by scanning executables and executable library files on the system, probing for strings known to reside within programs built to use OpenSSL 3.  This Analysis parses results from previously-executed OpenSSL 3 scans and reports back properties to reflect the OpenSSL 3.0.0 - 3.0.6 versions found, the files containing those versions, and the date on which the scan was executed.

Important Considerations:

  • The YARA scan has limited throttling options.  Take care when scanning.  High disk utilization is expected and the scan may take considerable time to complete.
  • Avoid scanning shared resources such as VM infrastructure or shared SAN storage from multiple clients simultaneously, and stagger action-start-times to avoid overutilizing disk resources.
]]> (if exists property "in proxy agent context" then not in proxy agent context else true) exists files "results-OpenSSL_3_lower_307.json" of folders "results" of folders "yara" of parent folder of parent folder of client folder of site "actionsite" Internal 2022-10-31 x-fixlet-first-propagation Tue, 01 Nov 2022 18:15:55 +0000 x-fixlet-modification-time Wed, 02 Nov 2022 14:26:28 +0000 BESC (values of keys "matched_strings" of it, values of keys "file" of it) of elements of values of keys "results" of jsons of files "results-OpenSSL_3_lower_307.json" of folders "results" of folders "yara" of parent folder of parent folder of client folder of site "actionsite" unique values of (it as string) of (values of keys "matched_strings" of it) of elements of values of keys "results" of jsons of files "results-OpenSSL_3_lower_307.json" of folders "results" of folders "yara" of parent folder of parent folder of client folder of site "actionsite" (it as integer * second) of values of keys "scan_duration_seconds" of jsons of files "results-OpenSSL_3_lower_307.json" of folders "results" of folders "yara" of parent folder of parent folder of client folder of site "actionsite"