cryptographic library | Breaking Cybersecurity News | The Hacker News

The maintainers of the OpenSSL project have released patches to address a  high-severity bug  in the cryptographic library that could potentially lead to remote code execution under certain scenarios. The  issue , now assigned the identifier  CVE-2022-2274 , has been described as a case of heap memory corruption with RSA private key operation that was introduced in OpenSSL version 3.0.4 released on June 21, 2022. First released in 1998, OpenSSL is a general-purpose  cryptography library  that offers open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, enabling users to generate private keys, create certificate signing requests ( CSRs ), install SSL/TLS certificates. "SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue," the advisory  noted . Calling it a "serious bug in the RSA implementation

Security boffins have discovered a critical vulnerability in a GnuPG cryptographic library that allowed the researchers to completely break RSA-1024 and successfully extract the secret RSA key to decrypt data. Gnu Privacy Guard (GnuPG or GPG) is popular open source encryption software used by many operating systems from Linux and FreeBSD to Windows and macOS X. It's the same software used by the former NSA contractor and whistleblower Edward Snowden to keep his communication secure from law enforcement. The vulnerability, labeled CVE-2017-7526 , resides in the Libgcrypt cryptographic library used by GnuPG, which is prone to local FLUSH+RELOAD side-channel attack. A team of researchers — from Technical University of Eindhoven, the University of Illinois, the University of Pennsylvania, the University of Maryland, and the University of Adelaide — found that the "left-to-right sliding window" method used by the libgcrypt library for carrying out the mathematics o