CVE-2022-3786 and CVE-2022-3602 are two high-risk security vulnerabilities in OpenSSL related to an email address buffer overflow attack that could result in denial of service 😬
Users are recommended to upgrade to OpenSSL v3.07 which contains a security patch. Shorey IT uses does not use OpenSSL outside of content delivery which is handled by Cloudflare, and they have announced that they are unaffected.
We will stay in touch with our other vendors to make sure if they are vulnerable, that upgrades are applied immediately. At this time, we have no reason to belive Shorey IT is affected by this vulnerability and will update if needed.