OpenSSL versions from 3.x through 3.0.6 (earlier than 3.0.7) have been found vulnerable to a high-severity security vulnerability that can lead to a crash or unexpected behavior.
OpenSSL has released an advisory: https://www.openssl.org/news/secadv/20221101.txt
Supermicro firmware and software products are not affected by either CVE-2022-3786 or CVE-2022-3602 since Supermicro products use OpenSSL versions 1.0.x - 1.1.1.
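To check a host against the version ranges stated above, the following added example (not Supermicro or OpenSSL code) classifies an `openssl version` banner. The function name, the result labels and the sample banners are assumptions constructed for illustration.

```shell
#!/bin/sh
# Classify an `openssl version` banner against the ranges in this advisory:
# 3.x through 3.0.6 affected, 3.0.7 fixed, 1.0.x - 1.1.1 not affected.
# classify_openssl_banner and its labels are hypothetical names.

classify_openssl_banner() {
    banner=$1
    [ -n "$banner" ] || { echo "unparsed"; return 0; }

    # First word is the product. LibreSSL and other forks reuse 3.x
    # numbers but are different code bases, so never compare them.
    product=${banner%% *}
    rest=${banner#* }
    version=${rest%% *}
    [ "$product" = "OpenSSL" ] || { echo "not-openssl"; return 0; }

    # Require MAJOR.MINOR.PATCH before splitting.
    case "$version" in *.*.*) ;; *) echo "unparsed"; return 0 ;; esac
    major=${version%%.*}
    tail=${version#*.}
    minor=${tail%%.*}
    patch=${tail#*.}
    # Drop letter and build suffixes: 1.1.1k -> 1, 2k-fips -> 2.
    # A pre-release suffix is dropped the same way (assumption).
    patch=${patch%%[!0-9]*}

    for part in "$major" "$minor" "$patch"; do
        case "$part" in ''|*[!0-9]*) echo "unparsed"; return 0 ;; esac
    done

    if [ "$major" -eq 3 ] && [ "$minor" -eq 0 ] && [ "$patch" -lt 7 ]; then
        echo "affected"
    elif [ "$major" -lt 3 ]; then
        echo "pre-3.0"      # the page lists 1.0.x - 1.1.1 as not affected
    else
        echo "patched"      # 3.0.7 or later
    fi
}

# Constructed sample banners in the format `openssl version` prints.
for sample in "OpenSSL 3.0.2 15 Mar 2022" "OpenSSL 3.0.7 1 Nov 2022" \
              "OpenSSL 1.1.1k  FIPS 25 Mar 2021" "LibreSSL 3.3.6"; do
    printf '%-36s %s\n' "$sample" "$(classify_openssl_banner "$sample")"
done
```

On a live system, call it as `classify_openssl_banner "$(openssl version)"`; applications that bundle their own copy of the library need to be checked separately.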
More Information:
CVE-2022-3786: An attacker can craft a malicious email address to overflow an arbitrary number of bytes containing the `.` character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service).
CVE-2022-3602: A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution.