A dangerous vulnerability has been found in the latest version of the OpenSSL library
The vulnerability affects OpenSSL 3.0.4, the latest version, which was released on June 21, 2022, and impacts x86_64 systems with support for AVX-512 instructions.
According to security researcher Guido Vranken's blog post, the vulnerability could be exploited by a remote attacker to corrupt the contents of a process's memory. Successful exploitation could allow an attacker to read and overwrite up to 8192 bytes of data outside the bounds of the allocated buffer.
BoringSSL, LibreSSL, and the OpenSSL 1.1.1 branch are not affected. The fix is currently only available as a patch and will be available to all users in the next update.
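To check whether a Linux host matches the three conditions listed above (OpenSSL 3.0.4, x86_64, AVX-512 support), the following triage script can be used. It is an example added here, not code from the researcher or the OpenSSL project; the function names and the `--live` switch are hypothetical, and it assumes the CPU feature list is readable from /proc/cpuinfo.

```shell
#!/bin/sh
# Added triage example: reports whether a host matches the affected
# configuration described in the article. Function names are hypothetical.

# Succeeds if a /proc/cpuinfo-style flags line lists any avx512* feature.
has_avx512() {
    case " $1 " in
        *" avx512"*) return 0 ;;
        *) return 1 ;;
    esac
}

# classify_host VERSION_LINE ARCH CPU_FLAGS
# VERSION_LINE is the output of `openssl version`, ARCH of `uname -m`.
# Prints one of: affected | not-affected | unknown
classify_host() {
    product=$(printf '%s\n' "$1" | awk 'NR == 1 { print $1 }')
    version=$(printf '%s\n' "$1" | awk 'NR == 1 { print $2 }')
    case "$product" in
        OpenSSL) ;;                                # keep checking below
        LibreSSL) echo not-affected; return 0 ;;   # article: not affected
        *) echo unknown; return 0 ;;               # no usable version string
    esac
    # Only 3.0.4 is affected; the 1.1.1 branch and other releases are not.
    [ "$version" = "3.0.4" ] || { echo not-affected; return 0; }
    [ "$2" = "x86_64" ] || { echo not-affected; return 0; }
    if has_avx512 "$3"; then echo affected; else echo not-affected; fi
}

# Gather the three inputs from the running system (Linux assumed).
check_this_host() {
    flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null || true)
    classify_host "$(openssl version 2>/dev/null || true)" "$(uname -m)" "$flags"
}

# Run against the live host only when asked: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    check_this_host
fi
```

The result covers only the library the `openssl` command is linked against; applications that bundle or statically link their own copy of OpenSSL have to be checked separately.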
Source: securitylab.ru
30 June 2022