OSSLScan

When it comes to secure communications over computer networks, OpenSSL is a name that needs no further presentations. Nevertheless, the team recently announced the discovery of two vulnerabilities that act as buffer overflows and that can be exploited under certain circumstances.

If you are worried about potential breaches or just want to make sure that everything is safe on your system, then you can consider doing a full scan via a dedicated tool, namely OSSLScan.

The program is portable, so simply download, decompress, select the edition suitable for your PC, run and wait for the results. The tool is designed to perform a full drive scan to track down both CVE-2022-3786 and CVE-2022-3602 that may be still present in various WAR, EAR, ZIP, JAR or other files.

According to the developer, you can use the OSSLScan.exe /scan /report_sig command to make more targeted scans for specific assets. Following the scan, the tool displays the results in the console.

Despite the recent updates released, it is important to note that security experts claim the bugs are still present in OpenSSL 3.0. Take note that the vulnerabilities are still present in all current versions ranging from 3.0 to 3.0 6. Check your system and update to version 3.0.7 as soon as possible. On the other hand, the legacy 1.1.1 version should be fine and has not been affected.

While you didn’t directly download OpenSSL on your computer, there is always a chance that other apps you grabbed quietly brought along their own copies of the library, which may not be the latest version. Consequently, if you want to make sure that your system and network are currently safe and protected, you can consider using OSSLScan to find out.