On October 25, 2022, the OpenSSL Project announced a critical vulnerability fix in OpenSSL version 3.0.7, which will be made available on Tuesday, November 1, 2022. No CVE is assigned at this time. All indications are that this vulnerability announcement only applies to OpenSSL versions 3.0.0 to 3.0.6, and that OpenSSL versions 1.0.2 and 1.1.1 are not affected by this vulnerability announcement.
Cisco will investigate this issue in accordance with our Security Vulnerability Policy once the OpenSSL Project makes the details of the vulnerability available.
For the current OpenSSL Project communication on this issue, see Forthcoming OpenSSL Releases.
Security Impact Rating: Informational
http://news.poseidon-us.com/SbtNDx
