OpenSSL Outlines Two High Severity Vulnerabilities
The OpenSSL vulnerabilities made public today are an X.509 email address 4-byte buffer overflow (CVE-2022-3602) and an X.509 email address variable length buffer overflow (CVE-2022-3786).
Both vulnerabilities are buffer overruns in X.509 certificate verification. CVE-2022-3602 is the vulnerability originally rated "critical", the rating that led to the delay of Fedora 37 and other releases. On further analysis, however, the OpenSSL project downgraded it to "high" severity.
OpenSSL 3.0.x releases prior to 3.0.7 are affected by these vulnerabilities; the older OpenSSL 1.x releases are not.
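As an added example (not from the article or the OpenSSL project), a short Python check that parses an `openssl version` banner and reports whether the build falls in the affected 3.0.0 through 3.0.6 range; the sample banners are constructed, and treating a pre-release tag on 3.0.7 as still affected is my own conservative assumption.

```python
"""Classify an OpenSSL build against CVE-2022-3602 / CVE-2022-3786.

Added example, not OpenSSL project code. Affected range per the
advisory: 3.0.0 <= version < 3.0.7; 1.x is not affected.
"""
import re
import shutil
import subprocess

FIXED_IN = (3, 0, 7)  # first 3.0.x release carrying both fixes

# Matches "OpenSSL 3.0.5 5 Jul 2022", "OpenSSL 1.1.1q  5 Jul 2022",
# and snapshot banners such as "OpenSSL 3.0.7-dev".
_VERSION_RE = re.compile(
    r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)[a-z]*(-(?:dev|alpha|beta)\w*)?"
)

# Constructed sample banners mirroring `openssl version` output.
SAMPLE_BANNERS = [
    "OpenSSL 3.0.5 5 Jul 2022",
    "OpenSSL 3.0.7 1 Nov 2022",
    "OpenSSL 1.1.1q  5 Jul 2022",
    "OpenSSL 3.0.7-dev",
]


def parse_version(banner: str) -> tuple[tuple[int, int, int], bool]:
    """Return ((major, minor, patch), is_prerelease) from a version banner."""
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"not an OpenSSL version banner: {banner!r}")
    triple = tuple(int(m.group(i)) for i in (1, 2, 3))
    return triple, m.group(4) is not None


def is_affected(banner: str) -> bool:
    """True when the build is in the advisory's affected range."""
    triple, prerelease = parse_version(banner)
    if triple[:2] != (3, 0):
        return False  # 1.x and non-3.0 branches are out of scope
    if triple < FIXED_IN:
        return True
    # Assumption: a 3.0.7 snapshot (e.g. "-dev") may predate the fix commit.
    return triple == FIXED_IN and prerelease


def check_local_openssl():
    """Run `openssl version` on this host; None if no binary is on PATH."""
    exe = shutil.which("openssl")
    if exe is None:
        return None
    out = subprocess.run([exe, "version"], capture_output=True, text=True, check=True)
    return is_affected(out.stdout)


if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{banner!r}: affected={is_affected(banner)}")
    print("local openssl affected:", check_local_openssl())
```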
More details on these OpenSSL security vulnerabilities are available from OpenSSL.org. OpenSSL 3.0.7 is available with the fixes.