Workiva is closely monitoring the evolving investigation into newly disclosed vulnerabilities in OpenSSL version 3.x as documented in CVE-2022-3786 (“X.509 Email Address Variable Length Buffer Overflow”) and CVE-2022-3602 (“X.509 Email Address 4-byte Buffer Overflow”).
Workiva does not use version 3.x of OpenSSL and therefore is not vulnerable to the attacks described in CVE-2022-3786 or CVE-2022-3602.
We will continue to monitor the situation. For more information on the CVEs, see the OpenSSL blog post: https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/.