CVE-2022-3602 - Open SSL RCE Buffer Overload

33 views
Skip to first unread message

Samuel Anderson-Burrell

unread,
Feb 23, 2023, 7:05:20 PMFeb 23
to Input Director
Hi there input director.
I have several devices that I use and I noticed that there is a vulnerbility for Open SSL which input director uses. 

I wondered if you guys were aware of this and if so do you have a ETA on when this maybe patched by please.

Cheers

Samuel

Shane

unread,
Feb 23, 2023, 7:14:47 PMFeb 23
to Input Director
Hi Samuel,

The next version (v2.1.3) will be updated to the latest version of OpenSSL. It's on track for release in the next couple of months.

But, Input Director isn't affected by that vulnerability, as it only uses the low level AES crypto functions.

Regs,

Shane.

BWS_NZ

unread,
Apr 30, 2023, 7:48:59 PMApr 30
to Input Director
Hey Shane,

Huge fan of Input Director, works a treat especially when using the same space at home for work and social usage.

Quick question, do you know when 2.1.3 will be released?

My employer is requiring me to deal with the CVE-2022-3602 - Open SSL RCE Buffer Overload by way of uninstalling the product from my work device, and I've said that there is a new version coming; however I can only hold off the security teams for so long.

Any idea when we might be able to either BETA test 2.1.3 or when it will be GA?

Cheers,
BWS

Shane

unread,
Apr 30, 2023, 7:50:32 PMApr 30
to Input Director
Hi BWS,

I'm look to release an early access version this month. 

Input Director isn't affected by the RCE Buffer Overload issue, as it's use of OpenSSL is limited to the low level AES routines.

Regs,

Shane.
Reply all
Reply to author
Forward
0 new messages