CVE-2022-3602 - Open SSL RCE Buffer Overload

[Samuel Anderson-Burrell]

Hi there input director.

I have several devices that I use and I noticed that there is a vulnerbility for Open SSL which input director uses. 

I wondered if you guys were aware of this and if so do you have a ETA on when this maybe patched by please.

Cheers

Samuel

[Shane]

Hi Samuel,

The next version (v2.1.3) will be updated to the latest version of OpenSSL. It's on track for release in the next couple of months.

But, Input Director isn't affected by that vulnerability, as it only uses the low level AES crypto functions.

Regs,

Shane.

[BWS_NZ]

Hey Shane,

Huge fan of Input Director, works a treat especially when using the same space at home for work and social usage.

Quick question, do you know when 2.1.3 will be released?

My employer is requiring me to deal with the CVE-2022-3602 - Open SSL RCE Buffer Overload by way of uninstalling the product from my work device, and I've said that there is a new version coming; however I can only hold off the security teams for so long.

Any idea when we might be able to either BETA test 2.1.3 or when it will be GA?

Cheers,

BWS

[Shane]

Hi BWS,

I'm look to release an early access version this month. 

Input Director isn't affected by the RCE Buffer Overload issue, as it's use of OpenSSL is limited to the low level AES routines.

Regs,

Shane.