OpenSSL is an open-source toolkit for general-purpose cryptography. It is one of the most widely used pieces of software for encrypting web traffic, and it is also embedded in numerous other applications. In 2012, OpenSSL suffered from a bug called “Heartbleed”, which showed how significant a vulnerability in OpenSSL can be. With Heartbleed, a malicious user could easily trick a vulnerable web server into sending back sensitive information, including usernames and passwords.
While CVE-2022-0778 doesn’t allow tampering with sensitive data, could its impact be as significant as Heartbleed’s? Fortunately, of the domains that publish their OpenSSL version, only 0.4% run a version affected by this vulnerability. The graph below shows how the vulnerable OpenSSL versions are distributed among those domains.