The vulnerability was discovered in OpenSSL 3.0.4, the latest version, which was released on June 21, 2022. It affects x86_64 systems with support for AVX-512 instructions.
According to Guido Vranken's blog post, the vulnerability could be exploited by a remote attacker to corrupt the contents of a process's memory. Successful exploitation of the vulnerability could allow an attacker to read and overwrite up to 8129 bytes of data outside of the allocated buffer. It is not yet known whether the vulnerability can be exploited to execute arbitrary attacker code.
BoringSSL, LibreSSL, and the OpenSSL 1.1.1 branch are not affected. The fix is currently only available as a patch and will be available to all users in the next update.
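The three conditions above (OpenSSL 3.0.4, x86_64, AVX-512 support) can be turned into a host triage check. The script below is an added example, not code from the blog post or the OpenSSL project; the function names and result labels are hypothetical, it assumes a Linux host with `/proc/cpuinfo`, and it treats any `avx512*` CPU flag as AVX-512 support.

```shell
#!/bin/sh
# Added example: classify a host against the conditions stated in the article.
# Function names and result labels are illustrative assumptions.

# Extract the OpenSSL version from an `openssl version` banner. The linked
# library version is preferred when the banner reports one, because the CLI
# binary and the shared library can come from different releases.
# Prints nothing for non-OpenSSL banners such as LibreSSL.
banner_version() {
    printf '%s\n' "$1" | sed -n \
        -e 's/.*(Library: OpenSSL \([^ )]*\).*/\1/p' -e 't' \
        -e 's/^OpenSSL \([^ ]*\).*/\1/p' | head -n 1
}

# Succeed when a /proc/cpuinfo "flags" line lists any AVX-512 feature flag.
has_avx512() {
    printf '%s\n' "$1" | grep -Eq '(^|[[:space:]])avx512'
}

# Args: version banner, machine architecture, cpuinfo flags line.
# Prints one of: exposed, no-avx512, not-affected-arch, not-affected-version.
classify_host() {
    version=$(banner_version "$1")
    if [ "$version" != "3.0.4" ]; then
        echo "not-affected-version"
    elif [ "$2" != "x86_64" ]; then
        echo "not-affected-arch"
    elif has_avx512 "$3"; then
        echo "exposed"
    else
        echo "no-avx512"
    fi
}

# Run against the local machine only when asked to: ./check.sh --check
if [ "${1:-}" = "--check" ]; then
    flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null || true)
    classify_host "$(openssl version 2>/dev/null || true)" "$(uname -m)" "$flags"
fi
```

The check covers only the system `openssl` binary and the library it links; applications that bundle or statically link their own OpenSSL 3.0.4 need to be inventoried separately.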