https://community.appian.com/support/w/kb/2822/kb-2226-information-about-the-openssl-security-advisory-cve-2022-3786-cve-2022-3602en-USTelligent Community 12https://community.appian.com/support/w/kb/2822/kb-2226-information-about-the-openssl-security-advisory-cve-2022-3786-cve-2022-3602Wed, 16 Nov 2022 17:12:12 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:56d6d6f9-123b-471b-b22f-393a09f14e5eElly Menghttps://community.appian.com/support/w/kb/2822/kb-2226-information-about-the-openssl-security-advisory-cve-2022-3786-cve-2022-3602#commentsCurrent Revision posted to Appian Knowledge Base by Elly Meng on 11/16/2022 5:12:12 PM<br /> <p><span style="font-weight:400;">On 1-Nov-2022 the OpenSSL Project published a </span><a href="https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/"><span style="font-weight:400;">High Severity security advisory</span></a><span style="font-weight:400;"> to all organizations using OpenSSL 3.0.0 - 3.0.6.&nbsp;</span></p> <p><span>Upon assessing the Appian platform against the details of the CVEs, we can confirm that the Appian platform is not impacted by vulnerabilities described by the OpenSSL security advisory. We will continue to monitor the situation and provide any updates as appropriate.</span></p> <p><b>Additional Notes</b><span style="font-weight:400;">:</span></p> <p><span style="font-weight:400;">The following 2 CVEs were released with additional information on the scope of the vulnerabilities:</span></p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-3786"><span style="font-weight:400;">CVE-2022-3786</span></a><span style="font-weight:400;"> (&ldquo;X.509 Email Address Variable Length Buffer Overflow&rdquo;)&nbsp;</span><span style="font-weight:400;"><br /></span><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-3602"><span style="font-weight:400;">CVE-2022-3602</span></a><span style="font-weight:400;"> (&ldquo;X.509 Email Address 4-byte Buffer Overflow&rdquo;).</span></p> <p><strong>Supporting Documentation:</strong></p> <ul> <li><span style="font-weight:400;"><a href="https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/">https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/</a><a href="https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/"></a></span></li> <li><span style="font-weight:400;"><a href="https://www.openssl.org/news/secadv/20221101.txt">https://www.openssl.org/news/secadv/20221101.txt</a><a href="https://www.openssl.org/news/secadv/20221101.txt"></a></span><span style="font-weight:400;"></span></li> </ul> <h2><span>Affected Versions</span></h2> <p>This article applies to all supported versions of Appian.</p> <p><span style="font-weight:400;">Last Reviewed: November 16, 2022</span></p><div style="clear:both;"></div> <div style="font-size: 90%;">Tags: Security</div> https://community.appian.com/support/w/kb/2822/kb-2226-information-about-the-openssl-security-advisory-cve-2022-3786-cve-2022-3602/revision/1Tue, 01 Nov 2022 21:03:36 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:56d6d6f9-123b-471b-b22f-393a09f14e5eElly Menghttps://community.appian.com/support/w/kb/2822/kb-2226-information-about-the-openssl-security-advisory-cve-2022-3786-cve-2022-3602#commentsRevision 1 posted to Appian Knowledge Base by Elly Meng on 11/1/2022 9:03:36 PM<br /> <p><span style="font-weight:400;">On 1-Nov-2022 the OpenSSL Project published a </span><a href="https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/"><span style="font-weight:400;">High Severity security advisory</span></a><span style="font-weight:400;"> to all organizations using OpenSSL 3.0.0 - 3.0.6.&nbsp;</span></p> <p><span style="font-weight:400;">Appian is currently investigating any usage of OpenSSL and monitoring the release of additional information regarding these vulnerabilities before we publish any details. To date, Appian is not aware of any Appian components that utilize the impacted versions of OpenSSL. We will update this KB should our understanding of the situation change.</span></p> <p><b>Additional Notes</b><span style="font-weight:400;">:</span></p> <p><span style="font-weight:400;">The following 2 CVEs were released with additional information on the scope of the vulnerabilities:</span></p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-3786"><span style="font-weight:400;">CVE-2022-3786</span></a><span style="font-weight:400;"> (&ldquo;X.509 Email Address Variable Length Buffer Overflow&rdquo;)&nbsp;</span><span style="font-weight:400;"><br /></span><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-3602"><span style="font-weight:400;">CVE-2022-3602</span></a><span style="font-weight:400;"> (&ldquo;X.509 Email Address 4-byte Buffer Overflow&rdquo;).</span></p> <p><strong>Supporting Documentation:</strong></p> <ul> <li><span style="font-weight:400;"><a href="https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/">https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/</a><a href="https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/"></a></span></li> <li><span style="font-weight:400;"><a href="https://www.openssl.org/news/secadv/20221101.txt">https://www.openssl.org/news/secadv/20221101.txt</a><a href="https://www.openssl.org/news/secadv/20221101.txt"></a></span><span style="font-weight:400;"></span></li> </ul> <h2><span>Affected Versions</span></h2> <p>This article applies to all supported versions of Appian.</p> <p><span style="font-weight:400;">Last Reviewed: November 1, 2022</span></p><div style="clear:both;"></div> <div style="font-size: 90%;">Tags: Security</div>