CVE-2022-3602 is an arbitrary 4-byte stack buffer overflow that can cause failures or lead to remote code execution (RCE). It was expected to receive critical status, but in the end it was assigned a high severity rating. The vulnerable versions are OpenSSL 3.0 and later.
CVE-2022-3786 can be triggered by potential attackers through malicious email addresses, and it can cause a denial of service through a buffer overflow.
It's not as bad as it might seem: only versions 3.0.0 through 3.0.6 are affected, and exploitation is not trivial. Even so, the update should not be delayed. If you are using OpenSSL 3.0.0 through 3.0.6 inclusive, you should upgrade to 3.0.7.
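An added example, not part of the original page: one way to check whether an OpenSSL version banner (the output of `openssl version`, or Python's `ssl.OPENSSL_VERSION`) falls in the 3.0.0 to 3.0.6 range given above. The function names and the sample banners are constructed for illustration.

```python
import re
import ssl

# Range as stated on the page: 3.0.0 through 3.0.6 inclusive, fixed in 3.0.7.
FIRST_AFFECTED = (3, 0, 0)
FIRST_FIXED = (3, 0, 7)

# Matches "OpenSSL 3.0.2", "OpenSSL 1.1.1f" (letter suffix ignored), etc.
# Requires the literal word "OpenSSL", so other TLS libraries do not match.
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)")


def parse_versions(banner):
    """Return every OpenSSL (major, minor, patch) triple found in a banner."""
    return [tuple(int(p) for p in m.groups()) for m in _VERSION_RE.finditer(banner)]


def classify(banner):
    """Return 'affected', 'not-affected' or 'unknown' for a version banner."""
    versions = parse_versions(banner)
    if not versions:
        return "unknown"
    # OpenSSL 3.x prints both the CLI version and the loaded library version
    # "(Library: OpenSSL x.y.z ...)". Flag the host if either one is in range.
    # Tuples compare numerically, so 3.0.10 is correctly newer than 3.0.7.
    if any(FIRST_AFFECTED <= v < FIRST_FIXED for v in versions):
        return "affected"
    return "not-affected"


def runtime_status():
    """Classify the OpenSSL build linked into this Python interpreter."""
    return classify(ssl.OPENSSL_VERSION)


# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)",
    "OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)",
    "OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)",
    "OpenSSL 1.1.1f  31 Mar 2020",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{classify(banner):13} {banner}")
    print(f"{runtime_status():13} {ssl.OPENSSL_VERSION} (this interpreter)")
```

Distribution packages can carry the fix under an older upstream version string, so an "affected" result on a distro build should be confirmed against the vendor's advisory for that package.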