CVE-2022-3996 (GCVE-0-2022-3996)

Vulnerability from cvelistv5 – Published: 2022-12-13 15:43 – Updated: 2024-08-03 01:27
VLAI
Title
X.509 Policy Constraints Double Locking
Summary
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.
Severity
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
OpenSSL OpenSSL Affected: 3.0.0 , ≤ 3.0.7 (semver)
Create a notification for this product.
openssl openssl Affected: 3.0.0 , < 3.0.7 (custom)
    cpe:2.3:a:openssl:openssl:3.0.0:*:*:*:*:*:*:*
 Create a notification for this product.
netapp ontap_9 Affected: 0 , < * (custom)
    cpe:2.3:a:netapp:ontap_9:-:*:*:*:*:*:*:*
 Create a notification for this product.
netapp fas\/aff_baseboard_management_controller Affected: 0 , < * (custom)
    cpe:2.3:a:netapp:fas\/aff_baseboard_management_controller:-:*:*:*:*:*:*:*
 Create a notification for this product.
netapp management_services_for_element_software Affected: 0 , < * (custom)
    cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*
 Create a notification for this product.
netapp altavault_ost_plug-in Affected: 0 , < * (custom)
    cpe:2.3:a:netapp:altavault_ost_plug-in:*:*:*:*:*:*:*:*
 Create a notification for this product.
netapp hci_baseboard_management_controller Affected: 0 , < * (custom)
    cpe:2.3:a:netapp:hci_baseboard_management_controller:-:*:*:*:*:*:*:*
 Create a notification for this product.
netapp smi-s_provider Affected: 0 , < * (custom)
    cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*
 Create a notification for this product.
Date Public
2022-12-13 07:00
Credits
Polar Bear Paul Dale
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:27:54.475Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20230203-0003/"
          },
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20221213.txt"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:openssl:openssl:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "openssl",
            "vendor": "openssl",
            "versions": [
              {
                "lessThan": "3.0.7",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:ontap_9:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ontap_9",
            "vendor": "netapp",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:fas\\/aff_baseboard_management_controller:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fas\\/aff_baseboard_management_controller",
            "vendor": "netapp",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "management_services_for_element_software",
            "vendor": "netapp",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:altavault_ost_plug-in:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "altavault_ost_plug-in",
            "vendor": "netapp",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:hci_baseboard_management_controller:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "hci_baseboard_management_controller",
            "vendor": "netapp",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smi-s_provider",
            "vendor": "netapp",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-3996",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T21:11:25.058550Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:18:41.599Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThanOrEqual": "3.0.7",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Polar Bear"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Paul Dale"
        }
      ],
      "datePublic": "2022-12-13T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "If an X.509 certificate contains a malformed policy constraint and\u003cbr\u003epolicy processing is enabled, then a write lock will be taken twice\u003cbr\u003erecursively.  On some operating systems (most widely: Windows) this\u003cbr\u003eresults in a denial of service when the affected process hangs.  Policy\u003cbr\u003eprocessing being enabled on a publicly facing server is not considered\u003cbr\u003eto be a common setup.\u003cbr\u003e\u003cbr\u003ePolicy processing is enabled by passing the `-policy\u0027\u003cbr\u003eargument to the command line utilities or by calling the\u003cbr\u003e`X509_VERIFY_PARAM_set1_policies()\u0027 function.\u003cbr\u003e\u003cbr\u003eUpdate (31 March 2023): The description of the policy processing enablement\u003cbr\u003ewas corrected based on CVE-2023-0466."
            }
          ],
          "value": "If an X.509 certificate contains a malformed policy constraint and\npolicy processing is enabled, then a write lock will be taken twice\nrecursively.  On some operating systems (most widely: Windows) this\nresults in a denial of service when the affected process hangs.  Policy\nprocessing being enabled on a publicly facing server is not considered\nto be a common setup.\n\nPolicy processing is enabled by passing the `-policy\u0027\nargument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()\u0027 function.\n\nUpdate (31 March 2023): The description of the policy processing enablement\nwas corrected based on CVE-2023-0466."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html#low"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-667",
              "description": "CWE-667 Improper Locking",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-31T09:50:45.685Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20221213.txt"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "X.509 Policy Constraints Double Locking",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2022-3996",
    "datePublished": "2022-12-13T15:43:06.821Z",
    "dateReserved": "2022-11-15T11:47:05.740Z",
    "dateUpdated": "2024-08-03T01:27:54.475Z",
    "requesterUserId": "b0d835d1-bcd6-467d-a017-37d7df925f4b",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-3996",
      "date": "2026-06-15",
      "epss": "0.0123",
      "percentile": "0.64913"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndIncluding\": \"3.0.7\", \"matchCriteriaId\": \"26EF8A48-B8E5-4D4D-8054-445D65171EAC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"If an X.509 certificate contains a malformed policy constraint and\\npolicy processing is enabled, then a write lock will be taken twice\\nrecursively.  On some operating systems (most widely: Windows) this\\nresults in a denial of service when the affected process hangs.  Policy\\nprocessing being enabled on a publicly facing server is not considered\\nto be a common setup.\\n\\nPolicy processing is enabled by passing the `-policy\u0027\\nargument to the command line utilities or by calling the\\n`X509_VERIFY_PARAM_set1_policies()\u0027 function.\\n\\nUpdate (31 March 2023): The description of the policy processing enablement\\nwas corrected based on CVE-2023-0466.\"}, {\"lang\": \"es\", \"value\": \"Si un certificado X.509 contiene una restricci\\u00f3n de pol\\u00edtica con formato incorrecto y el procesamiento de pol\\u00edticas est\\u00e1 habilitado, se aplicar\\u00e1 un bloqueo de escritura dos veces de forma recursiva. En algunos sistemas operativos (m\\u00e1s ampliamente: Windows), esto resulta en una Denegaci\\u00f3n de Servicio (DoS) cuando el proceso afectado se bloquea. La habilitaci\\u00f3n del procesamiento de pol\\u00edticas en un servidor p\\u00fablico no se considera una configuraci\\u00f3n com\\u00fan. El procesamiento de pol\\u00edticas se habilita pasando el argumento `-policy\u0027 a las utilidades de l\\u00ednea de comando o llamando a la funci\\u00f3n `X509_VERIFY_PARAM_set1_policies()\u0027. Actualizaci\\u00f3n (31 de marzo de 2023): la descripci\\u00f3n de la habilitaci\\u00f3n del procesamiento de pol\\u00edticas se corrigi\\u00f3 seg\\u00fan CVE-2023-0466.\"}]",
      "id": "CVE-2022-3996",
      "lastModified": "2024-11-21T07:20:42.003",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2022-12-13T16:15:22.007",
      "references": "[{\"url\": \"https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.openssl.org/news/secadv/20221213.txt\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230203-0003/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.openssl.org/news/secadv/20221213.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "openssl-security@openssl.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"openssl-security@openssl.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-667\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-667\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-3996\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2022-12-13T16:15:22.007\",\"lastModified\":\"2024-11-21T07:20:42.003\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"If an X.509 certificate contains a malformed policy constraint and\\npolicy processing is enabled, then a write lock will be taken twice\\nrecursively.  On some operating systems (most widely: Windows) this\\nresults in a denial of service when the affected process hangs.  Policy\\nprocessing being enabled on a publicly facing server is not considered\\nto be a common setup.\\n\\nPolicy processing is enabled by passing the `-policy\u0027\\nargument to the command line utilities or by calling the\\n`X509_VERIFY_PARAM_set1_policies()\u0027 function.\\n\\nUpdate (31 March 2023): The description of the policy processing enablement\\nwas corrected based on CVE-2023-0466.\"},{\"lang\":\"es\",\"value\":\"Si un certificado X.509 contiene una restricci\u00f3n de pol\u00edtica con formato incorrecto y el procesamiento de pol\u00edticas est\u00e1 habilitado, se aplicar\u00e1 un bloqueo de escritura dos veces de forma recursiva. En algunos sistemas operativos (m\u00e1s ampliamente: Windows), esto resulta en una Denegaci\u00f3n de Servicio (DoS) cuando el proceso afectado se bloquea. La habilitaci\u00f3n del procesamiento de pol\u00edticas en un servidor p\u00fablico no se considera una configuraci\u00f3n com\u00fan. El procesamiento de pol\u00edticas se habilita pasando el argumento `-policy\u0027 a las utilidades de l\u00ednea de comando o llamando a la funci\u00f3n `X509_VERIFY_PARAM_set1_policies()\u0027. Actualizaci\u00f3n (31 de marzo de 2023): la descripci\u00f3n de la habilitaci\u00f3n del procesamiento de pol\u00edticas se corrigi\u00f3 seg\u00fan CVE-2023-0466.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"openssl-security@openssl.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndIncluding\":\"3.0.7\",\"matchCriteriaId\":\"26EF8A48-B8E5-4D4D-8054-445D65171EAC\"}]}]}],\"references\":[{\"url\":\"https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20221213.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230203-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.openssl.org/news/secadv/20221213.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20230203-0003/\"}, {\"url\": \"https://www.openssl.org/news/secadv/20221213.txt\", \"name\": \"OpenSSL Advisory\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7\", \"tags\": [\"patch\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T01:27:54.475Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-3996\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-01T21:11:25.058550Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:openssl:openssl:3.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"openssl\", \"product\": \"openssl\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.0.7\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:netapp:ontap_9:-:*:*:*:*:*:*:*\"], \"vendor\": \"netapp\", \"product\": \"ontap_9\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:netapp:fas\\\\/aff_baseboard_management_controller:-:*:*:*:*:*:*:*\"], \"vendor\": \"netapp\", \"product\": \"fas\\\\/aff_baseboard_management_controller\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*\"], \"vendor\": \"netapp\", \"product\": \"management_services_for_element_software\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:netapp:altavault_ost_plug-in:*:*:*:*:*:*:*:*\"], \"vendor\": \"netapp\", \"product\": \"altavault_ost_plug-in\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:netapp:hci_baseboard_management_controller:-:*:*:*:*:*:*:*\"], \"vendor\": \"netapp\", \"product\": \"hci_baseboard_management_controller\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*\"], \"vendor\": \"netapp\", \"product\": \"smi-s_provider\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-01T21:11:53.309Z\"}}], \"cna\": {\"title\": \"X.509 Policy Constraints Double Locking\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Polar Bear\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Paul Dale\"}], \"metrics\": [{\"other\": {\"type\": \"https://www.openssl.org/policies/secpolicy.html#low\", \"content\": {\"text\": \"Low\"}}, \"format\": \"other\"}], \"affected\": [{\"vendor\": \"OpenSSL\", \"product\": \"OpenSSL\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.0.7\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2022-12-13T07:00:00.000Z\", \"references\": [{\"url\": \"https://www.openssl.org/news/secadv/20221213.txt\", \"name\": \"OpenSSL Advisory\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"If an X.509 certificate contains a malformed policy constraint and\\npolicy processing is enabled, then a write lock will be taken twice\\nrecursively.  On some operating systems (most widely: Windows) this\\nresults in a denial of service when the affected process hangs.  Policy\\nprocessing being enabled on a publicly facing server is not considered\\nto be a common setup.\\n\\nPolicy processing is enabled by passing the `-policy\u0027\\nargument to the command line utilities or by calling the\\n`X509_VERIFY_PARAM_set1_policies()\u0027 function.\\n\\nUpdate (31 March 2023): The description of the policy processing enablement\\nwas corrected based on CVE-2023-0466.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"If an X.509 certificate contains a malformed policy constraint and\u003cbr\u003epolicy processing is enabled, then a write lock will be taken twice\u003cbr\u003erecursively.  On some operating systems (most widely: Windows) this\u003cbr\u003eresults in a denial of service when the affected process hangs.  Policy\u003cbr\u003eprocessing being enabled on a publicly facing server is not considered\u003cbr\u003eto be a common setup.\u003cbr\u003e\u003cbr\u003ePolicy processing is enabled by passing the `-policy\u0027\u003cbr\u003eargument to the command line utilities or by calling the\u003cbr\u003e`X509_VERIFY_PARAM_set1_policies()\u0027 function.\u003cbr\u003e\u003cbr\u003eUpdate (31 March 2023): The description of the policy processing enablement\u003cbr\u003ewas corrected based on CVE-2023-0466.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-667\", \"description\": \"CWE-667 Improper Locking\"}]}], \"providerMetadata\": {\"orgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"shortName\": \"openssl\", \"dateUpdated\": \"2023-03-31T09:50:45.685Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-3996\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-03T01:27:54.475Z\", \"dateReserved\": \"2022-11-15T11:47:05.740Z\", \"assignerOrgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"datePublished\": \"2022-12-13T15:43:06.821Z\", \"requesterUserId\": \"b0d835d1-bcd6-467d-a017-37d7df925f4b\", \"assignerShortName\": \"openssl\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.