New versions are available for jbc.FTX and jbc.FTX API. The vulnerable OpenSSL version has been replaced by versions in which the bug has been fixed. Now the OpenSSL versions 1.1.1s and 3.0.7 are included, in these versions the two vulnerabilities CVE-2022-3786 and CVE-2022-3602 are closed.
Details on the gaps can be found under the following links.
NVD – CVE-2022-3786 (nist.gov)
https://nvd.nist.gov/vuln/detail/CVE-2022-3786
CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows – OpenSSL Blog
https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
https://www.heise.de/news/OpennSSL-Update-zum-Schliessen-der-kritischen-Sicherheitsluecke-verfuegbar-7326009.html
OpenSSL: Update available to close critical vulnerability | heise online
To request the latest version, please contact our support at ftx-Support@jbc-software.ch
