OpenSSL 3.0.5 high severity findings. #2575
Comments
|
Nmap is not affected by these vulnerabilities because Nmap does not perform certificate validation. Ncat, when the |
|
Just to add one more thing...even though Nmap itself isn't vulnerable, we'll be updating to the patched OpenSSL in the next release. We understand that nobody wants these "vulnerable" OpenSSL DLL's on their system even if they can't technically be exploited. They can still lead to alerts from vulnerability scanners, etc. Thanks @miloslav-zadrazil-solarwinds for the report, and of course @dmiller-nmap for researching the CVE's so quickly. |
|
Excellent and very helpful . Many thanks for quick response. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Vulnerability scans on nmap release shows high severity issue of OpenSSL 3.0.5 version
could you, please provide me with information whether nmap is affected by those vulnerabilities ?
The text was updated successfully, but these errors were encountered: