The OpenSSL team recently released an advisory detailing two high-severity vulnerabilities, CVE-2022-3602 and CVE-2022-3786. The more serious issue, CVE-2022-3602, is a remote code execution vulnerability in the ossl_punycode_decode function, which can be exploited by an attacker to write arbitrary bytes outside the bounds of a buffer. However, this bug requires specific conditions to be met and does not seem to be easily exploitable. A single line change in the code fixed the issue, indicating it is an off-by-one error. The vulnerability affects servers running OpenSSL 3, but most services typically use form-based authentication, making client-side attacks unlikely. Organizations can update to OpenSSL 3.0.7 or later by following regular patch and vulnerability management procedures. Tools like Snyk can help identify vulnerable instances of OpenSSL for patching.
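The following is an added example, not OpenSSL's code: a simplified model of how a single-comparison off-by-one in a buffer-full check allows one write past the end of a buffer, and how a one-line change closes it. The names insert_cp, fill, CAP and CANARY are hypothetical, and the buffer is backed by one extra guard slot so the overrun can be observed safely.

```c
#include <stdio.h>
#include <string.h>

#define CAP 4                 /* constructed capacity, in elements */
#define CANARY 0xDEADBEEFu    /* guard value placed just past the buffer */

/* Insert cp at index pos of out[], which holds *len of max_out elements.
 * flawed != 0 uses the off-by-one comparison (>); 0 uses the fixed one (>=). */
static int insert_cp(unsigned int *out, size_t *len, size_t max_out,
                     size_t pos, unsigned int cp, int flawed)
{
    if (pos > *len)
        return 0;
    if (flawed ? (*len > max_out) : (*len >= max_out))
        return 0;             /* full: refuse the insert */
    memmove(out + pos + 1, out + pos, (*len - pos) * sizeof *out);
    out[pos] = cp;
    (*len)++;
    return 1;
}

/* Attempt CAP + 1 inserts into a CAP-element buffer. The backing array has
 * one extra guard slot, so the overrun is observable without undefined
 * behaviour. Reports the guard state and returns the final element count. */
static size_t fill(int flawed, int *clobbered)
{
    unsigned int store[CAP + 1];
    size_t len = 0;
    unsigned int i;

    store[CAP] = CANARY;
    for (i = 0; i < CAP + 1; i++)
        insert_cp(store, &len, CAP, 0, 0x41u + i, flawed);
    *clobbered = (store[CAP] != CANARY);
    return len;
}

int guard_clobbered(int flawed) { int c; fill(flawed, &c); return c; }
int final_len(int flawed)       { int c; return (int)fill(flawed, &c); }

int main(void)
{
    printf("flawed (>):  len=%d guard_clobbered=%d\n", final_len(1), guard_clobbered(1));
    printf("fixed  (>=): len=%d guard_clobbered=%d\n", final_len(0), guard_clobbered(0));
    return 0;
}
```

With the flawed check the fifth insert is accepted and the shift overwrites the guard slot; with the corrected check it is refused and the guard stays intact.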