Severity: Critical (9.8/10)
Affected Systems: All Linux servers running OpenSSL 3.0.0 – 3.2.1.
Analysis: Our research team has confirmed a heap-based buffer overflow in the x509 verification chain. Attackers can leverage this by sending a specially crafted certificate during the handshake process, leading to full system compromise.
Mitigation: Upgrade to version 3.2.2 immediately or disable TLS 1.3 heartbeat extensions.