gsd-2022-3602
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).
Aliases
Aliases
{ "GSD": { "alias": "CVE-2022-3602", "id": "GSD-2022-3602", "references": [ "https://access.redhat.com/errata/RHSA-2022:7288", "https://access.redhat.com/errata/RHSA-2022:7384", "https://www.suse.com/security/cve/CVE-2022-3602.html" ] }, "gsd": { "database_specific": { "GSD": { "affected_component": "X.509 Email Address handling", "aliases": [ "CVE-2022-3602" ], "attack_vector": "network", "credit": "", "description": "X.509 Email Address 4-byte Buffer Overflow. CVE-2022-3602 was originally assessed by the OpenSSL project as CRITICAL as it is an arbitrary 4-byte stack buffer overflow, and such vulnerabilities may lead to remote code execution (RCE). \n\n During the week of prenotification, several organisations performed testing and gave us feedback on the issue, looking at the technical details of the overflow and stack layout on common architectures and platforms. \n\n Firstly, we had reports that on certain Linux distributions the stack layout was such that the 4 bytes overwrote an adjacent buffer that was yet to be used and therefore there was no crash or ability to cause remote code execution. \n\n Secondly, many modern platforms implement stack overflow protections which would mitigate against the risk of remote code execution and usually lead to a crash instead. \n\n However as OpenSSL is distributed as source code we have no way of knowing how every platform and compiler combination has arranged the buffers on the stack and therefore remote code execution may still be possible on some platforms. \n\n Our security policy states that a vulnerability might be described as CRITICAL if \u201cremote code execution is considered likely in common situations\u201d. We no longer felt that this rating applied to CVE-2022-3602 and therefore it was downgraded on 1st November 2022 before being released to HIGH.", "impact": "unknown", "notes": "X.509 Email Address 4-byte Buffer Overflow", "product_name": "openssl", "product_version": "3.0.5", "references": [ "https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html", "https://github.com/NCSC-NL/OpenSSL-2022", "https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2022/2022-267005-1032.html", "https://github.com/pblumo/openssl-vuln-nov-2022/", "https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/", "https://github.com/openssl/openssl/commit/3b421ebc64c7b52f1b9feb3812bdc7781c784332", "https://www.openssl.org/source/openssl-3.0.7.tar.gz", "https://github.com/colmmacc/CVE-2022-3602", "https://twitter.com/hanno/status/1587775675397726209", "https://www.techsolvency.com/story-so-far/cve-tbd-openssl-3.0.7-critical/", "https://docs.google.com/spreadsheets/d/e/2PACX-1vT7ih8XJ5LHq-30saNCS9S7pJafe37S1b6ZRxWXcnx6HbrHFFTNIk7-gFQ7_NJlET47w0naS8deLtIG/pubhtml", "https://words.filippo.io/dispatches/openssl-punycode/" ], "vendor_name": "openssl", "vulnerability_type": "unknown" }, "OSV": { "affected": [ { "package": { "ecosystem": "GSD", "name": "openssl" }, "versions": [ "3.0.6", "3.0.5", "3.0.4", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "3.0.0-beta2", "3.0.0-beta1", "3.0.0-alpha17", "3.0.0-alpha16", "3.0.0-alpha15", "3.0.0-alpha14", "3.0.0-alpha13", "3.0.0-alpha12", "3.0.0-alpha11", "3.0.0-alpha10", "3.0.0-alpha9", "3.0.0-alpha8", "3.0.0-alpha7", "3.0.0-alpha6", "3.0.0-alpha5", "3.0.0-alpha4", "3.0.0-alpha3", "3.0.0-alpha2", "3.0.0-alpha1" ] } ], "aliases": [ "CVE-2022-3602" ], "details": "X.509 Email Address 4-byte Buffer Overflow. CVE-2022-3602 was originally assessed by the OpenSSL project as CRITICAL as it is an arbitrary 4-byte stack buffer overflow, and such vulnerabilities may lead to remote code execution (RCE). \n\n During the week of prenotification, several organisations performed testing and gave us feedback on the issue, looking at the technical details of the overflow and stack layout on common architectures and platforms. \n\n Firstly, we had reports that on certain Linux distributions the stack layout was such that the 4 bytes overwrote an adjacent buffer that was yet to be used and therefore there was no crash or ability to cause remote code execution. \n\n Secondly, many modern platforms implement stack overflow protections which would mitigate against the risk of remote code execution and usually lead to a crash instead. \n\n However as OpenSSL is distributed as source code we have no way of knowing how every platform and compiler combination has arranged the buffers on the stack and therefore remote code execution may still be possible on some platforms. \n\n Our security policy states that a vulnerability might be described as CRITICAL if \u201cremote code execution is considered likely in common situations\u201d. We no longer felt that this rating applied to CVE-2022-3602 and therefore it was downgraded on 1st November 2022 before being released to HIGH.", "id": "CVE-2022-3602", "modified": "2022-11-02T15:48:10.308Z", "published": "2022-11-01T16:29:39.763Z", "references": [ { "type": "WEB", "url": "https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html" }, { "type": "WEB", "url": "https://github.com/NCSC-NL/OpenSSL-2022" }, { "type": "WEB", "url": "https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2022/2022-267005-1032.html" }, { "type": "WEB", "url": "https://github.com/pblumo/openssl-vuln-nov-2022/" }, { "type": "ADVISORY", "url": "https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/" }, { "type": "FIX", "url": "https://github.com/openssl/openssl/commit/3b421ebc64c7b52f1b9feb3812bdc7781c784332" }, { "type": "FIX", "url": "https://www.openssl.org/source/openssl-3.0.7.tar.gz" }, { "type": "WEB", "url": "https://github.com/colmmacc/CVE-2022-3602" }, { "type": "WEB", "url": "https://twitter.com/hanno/status/1587775675397726209" }, { "type": "WEB", "url": "https://www.techsolvency.com/story-so-far/cve-tbd-openssl-3.0.7-critical/" }, { "type": "WEB", "url": "https://docs.google.com/spreadsheets/d/e/2PACX-1vT7ih8XJ5LHq-30saNCS9S7pJafe37S1b6ZRxWXcnx6HbrHFFTNIk7-gFQ7_NJlET47w0naS8deLtIG/pubhtml" }, { "type": "WEB", "url": "https://words.filippo.io/dispatches/openssl-punycode/" } ], "summary": "X.509 Email Address Variable Length Buffer Overflow." } }, "id": "GSD-2022-3602", "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "modified": "2022-11-01T16:53:33.077627Z", "osvSchema": { "aliases": [ "CVE-2022-3602" ], "details": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).", "id": "GSD-2022-3602", "modified": "2023-12-13T01:19:40.048098Z", "schema_version": "1.4.0" }, "references": [ { "type": "ADVISORY", "url": "https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html" }, { "type": "ADVISORY", "url": "https://github.com/NCSC-NL/OpenSSL-2022" }, { "type": "ADVISORY", "url": "https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2022/2022-267005-1032.html" }, { "type": "ADVISORY", "url": "https://github.com/pblumo/openssl-vuln-nov-2022/" }, { "type": "ADVISORY", "url": "https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/" }, { "type": "FIX", "url": "https://github.com/openssl/openssl/commit/3b421ebc64c7b52f1b9feb3812bdc7781c784332" }, { "type": "FIX", "url": "https://www.openssl.org/source/openssl-3.0.7.tar.gz" }, { "type": "WEB", "url": "https://github.com/colmmacc/CVE-2022-3602" }, { "type": "WEB", "url": "https://twitter.com/hanno/status/1587775675397726209" }, { "type": "WEB", "url": "https://www.techsolvency.com/story-so-far/cve-tbd-openssl-3.0.7-critical/" }, { "type": "WEB", "url": "https://docs.google.com/spreadsheets/d/e/2PACX-1vT7ih8XJ5LHq-30saNCS9S7pJafe37S1b6ZRxWXcnx6HbrHFFTNIk7-gFQ7_NJlET47w0naS8deLtIG/pubhtml" }, { "type": "WEB", "url": "https://words.filippo.io/dispatches/openssl-punycode/" } ], "schema_version": "1.3.1" }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "openssl-security@openssl.org", "ID": "CVE-2022-3602", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenSSL", "version": { "version_data": [ { "version_affected": "=", "version_value": "Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6)" } ] } } ] }, "vendor_name": "OpenSSL" } ] } }, "credits": [ { "lang": "en", "value": "Polar Bear" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Buffer overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.openssl.org/news/secadv/20221101.txt", "refsource": "MISC", "url": "https://www.openssl.org/news/secadv/20221101.txt" }, { "name": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3", "refsource": "MISC", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/01/15", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/01/15" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/01/16", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/01/16" }, { "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a", "refsource": "MISC", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/01/21", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/01/21" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/01/19", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/01/19" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/01/18", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/01/18" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/01/20", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/01/20" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/01/24", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/01/24" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/01/17", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/01/17" }, { "name": "https://security.gentoo.org/glsa/202211-01", "refsource": "MISC", "url": "https://security.gentoo.org/glsa/202211-01" }, { "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023", "refsource": "MISC", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023" }, { "name": "https://www.kb.cert.org/vuls/id/794340", "refsource": "MISC", "url": "https://www.kb.cert.org/vuls/id/794340" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/02/2", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/02/2" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/02/6", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/02/6" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/02/5", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/02/5" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/02/1", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/02/1" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/02/3", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/02/3" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/02/7", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/02/7" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/02/10", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/02/10" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/02/9", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/02/9" }, { "name": "http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/02/12", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/02/12" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/02/11", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/02/11" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/02/15", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/02/15" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/02/14", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/02/14" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/02/13", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/02/13" }, { "name": "https://security.netapp.com/advisory/ntap-20221102-0001/", "refsource": "MISC", "url": "https://security.netapp.com/advisory/ntap-20221102-0001/" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/03/1", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/03/1" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/03/2", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/03/2" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/03/3", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/03/3" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/03/5", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/03/5" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/03/7", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/03/7" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/03/6", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/03/6" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/03/9", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/03/9" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/03/10", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/03/10" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/03/11", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/11/03/11" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003e=3.0.0 \u003c3.0.7", "affected_versions": "All versions starting from 3.0.0 before 3.0.7", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-787", "CWE-937" ], "date": "2023-08-08", "description": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).", "fixed_versions": [ "3.0.7" ], "identifier": "CVE-2022-3602", "identifiers": [ "CVE-2022-3602" ], "not_impacted": "All versions before 3.0.0, all versions starting from 3.0.7", "package_slug": "conan/openssl", "pubdate": "2022-11-01", "solution": "Upgrade to version 3.0.7 or above.", "title": "X.509 Email Address 4-byte Buffer Overflow", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2022-3602", "https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/", "https://www.openssl.org/news/secadv/20221101.txt" ], "uuid": "851f9162-1ada-4574-9343-cd6326c3c595" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.7", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:19.0.0:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:18.12.0:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "18.11.0", "versionStartIncluding": "18.0.0", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "openssl-security@openssl.org", "ID": "CVE-2022-3602" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-120" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.openssl.org/news/secadv/20221101.txt", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/news/secadv/20221101.txt" }, { "name": "[oss-security] 20221101 OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/01/15" }, { "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/01/16" }, { "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/01/17" }, { "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/01/18" }, { "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/01/19" }, { "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/01/24" }, { "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/01/20" }, { "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/01/21" }, { "name": "20221028 Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022", "refsource": "CISCO", "tags": [ "Third Party Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a" }, { "name": "GLSA-202211-01", "refsource": "GENTOO", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202211-01" }, { "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023" }, { "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/02/1" }, { "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/02/2" }, { "name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/02/3" }, { "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/02/5" }, { "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/02/6" }, { "name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/02/9" }, { "name": "[oss-security] 20221102 Re: Fwd: Node.js security updates for all active release lines, November 2022", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/02/10" }, { "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/02/7" }, { "name": "http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html", "refsource": "MISC", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html" }, { "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/02/11" }, { "name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/02/12" }, { "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/02/15" }, { "name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/02/14" }, { "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/02/13" }, { "name": "https://security.netapp.com/advisory/ntap-20221102-0001/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20221102-0001/" }, { "name": "VU#794340", "refsource": "CERT-VN", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.kb.cert.org/vuls/id/794340" }, { "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/03/1" }, { "name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/03/2" }, { "name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/03/3" }, { "name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/03/5" }, { "name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/03/6" }, { "name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/03/7" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/", "refsource": "MISC", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/", "refsource": "MISC", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/03/11", "refsource": "MISC", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/03/11" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/03/10", "refsource": "MISC", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/03/10" }, { "name": "http://www.openwall.com/lists/oss-security/2022/11/03/9", "refsource": "MISC", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/03/9" }, { "name": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3", "refsource": "MISC", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2023-01-19T15:48Z", "publishedDate": "2022-11-01T18:15Z" } } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.