On October 25th, the OpenSSL team announced an upcoming fix for a critical vulnerability in OpenSSL 3.x, prompting widespread concern reminiscent of the Log4Shell incident. When the details were released, two vulnerabilities were disclosed: CVE-2022-3602, a 4-byte stack-buffer overflow, and CVE-2022-3786, a stack-buffer overflow in which the attacker does not control the overflowing data. Both were initially classified as critical but were later downgraded to high severity because of limited exploitability; CVE-2022-3602 in particular is hard to exploit in typical environments. The vulnerabilities affect the OpenSSL 3.0 series from 3.0.0 up to the 3.0.7 fix, which is not yet widely adopted, although some distributions and software such as Node.js may be affected. The primary attack scenarios involve specific TLS server and client configurations, and mitigation consists of updating to OpenSSL 3.0.7 or altering TLS server settings. JFrog Xray can detect these vulnerabilities, and JFrog's security research channels provide additional insights and updates.
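The first practical question after reading the summary above is whether a given host or runtime is actually running an affected OpenSSL 3.0 build. The following script is an added example, not code from the original post or from JFrog: it parses `openssl version` style banners (and the bare `major.minor.patch` strings that runtimes such as Node.js report) and flags the range 3.0.0 through 3.0.6 as affected, with 3.0.7 as the fixed release, matching the OpenSSL advisory. The sample banners are constructed for illustration, and `local_openssl_banner()` assumes an `openssl` binary is on PATH.

```python
import re
import subprocess
from typing import Dict, Optional, Tuple

# Affected range for CVE-2022-3602 / CVE-2022-3786 per the OpenSSL advisory:
# 3.0.0 through 3.0.6 are vulnerable, 3.0.7 carries the fix.
# 1.1.1 and 1.0.2 never contained the affected code.
AFFECTED_MIN = (3, 0, 0)
FIXED_IN = (3, 0, 7)

# Optional "OpenSSL " prefix so that both `openssl version` output
# ("OpenSSL 3.0.5 5 Jul 2022") and bare runtime strings ("3.0.5+quic") parse.
_VERSION_RE = re.compile(r"(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)")


def parse_openssl_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from a version banner, or None if absent.

    Letter suffixes used by the 1.1.1 line ("1.1.1q") and build tags
    ("3.0.5+quic") are ignored; only the numeric triple matters here.
    """
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(banner: str) -> Optional[bool]:
    """True if the banner describes an affected upstream release, False if not,
    None if no version could be parsed.

    LibreSSL is a separate code base that does not contain the affected
    OpenSSL 3.0 code, so it is reported as not affected regardless of number.
    """
    if "LibreSSL" in banner:
        return False
    version = parse_openssl_version(banner)
    if version is None:
        return None
    return AFFECTED_MIN <= version < FIXED_IN


def audit(banners: Dict[str, str]) -> Dict[str, Optional[bool]]:
    """Evaluate a mapping of {source_name: banner} and return verdicts."""
    return {name: is_affected(banner) for name, banner in banners.items()}


def local_openssl_banner() -> str:
    """Run the system `openssl version` command (assumes it is on PATH)."""
    result = subprocess.run(
        ["openssl", "version"], capture_output=True, text=True, check=True
    )
    return result.stdout.strip()


# Constructed sample banners, in the shape real tools print them.
SAMPLE_BANNERS = {
    "ubuntu-host": "OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)",
    "patched-host": "OpenSSL 3.0.7 1 Nov 2022",
    "legacy-host": "OpenSSL 1.1.1q  5 Jul 2022",
    "node-runtime": "3.0.5+quic",        # shape of node -p process.versions.openssl
    "bsd-host": "LibreSSL 3.3.6",
    "unknown": "no version information available",
}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_BANNERS).items():
        label = {True: "AFFECTED", False: "not affected", None: "unknown"}[verdict]
        print(f"{name:14s} {label}")
    try:
        print("local:", local_openssl_banner(), "->", is_affected(local_openssl_banner()))
    except (FileNotFoundError, subprocess.CalledProcessError):
        print("local: openssl binary not available")
```

One caveat a version string cannot capture: distributions that backport the fix keep the original version number (an Ubuntu 22.04 host reports 3.0.2 after installing the patched package), so a banner match should be confirmed against the distribution's changelog or a package-level scanner such as Xray rather than treated as a final verdict.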