
Cloudflare is not affected by the OpenSSL vulnerabilities CVE-2022-3602 and CVE-2022-3786

What's this blog post about?

On November 1, 2022, OpenSSL released version 3.0.7 to address two high-risk vulnerabilities (CVE-2022-3602 and CVE-2022-3786) in the OpenSSL 3.0.x cryptographic library. These memory corruption issues could potentially allow attackers to execute arbitrary code on a victim's machine. However, Cloudflare is not affected by these vulnerabilities as it uses BoringSSL in its products. The vulnerabilities reside in the X.509 certificate verification code and require specific conditions to be met for exploitation. Users should patch vulnerable OpenSSL packages and update their software to mitigate potential risks.

Company
Cloudflare

Date published
Nov. 2, 2022

Author(s)
Evan Johnson, Michal Melewski

Word count
600

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.