csaf_opensuse - opensuse-su-2024:12469-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

cargo-audit-advisory-db-20221102-1.1 on GA media

Notes

Title of the patch

cargo-audit-advisory-db-20221102-1.1 on GA media

Description of the patch

These are all security issues fixed in the cargo-audit-advisory-db-20221102-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-12469

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://www.suse.com/support/security/rating/",
         text: "moderate",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright 2024 SUSE LLC. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "cargo-audit-advisory-db-20221102-1.1 on GA media",
            title: "Title of the patch",
         },
         {
            category: "description",
            text: "These are all security issues fixed in the cargo-audit-advisory-db-20221102-1.1 package on the GA media of openSUSE Tumbleweed.",
            title: "Description of the patch",
         },
         {
            category: "details",
            text: "openSUSE-Tumbleweed-2024-12469",
            title: "Patchnames",
         },
         {
            category: "legal_disclaimer",
            text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            title: "Terms of use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://www.suse.com/support/security/contact/",
         name: "SUSE Product Security Team",
         namespace: "https://www.suse.com/",
      },
      references: [
         {
            category: "external",
            summary: "SUSE ratings",
            url: "https://www.suse.com/support/security/rating/",
         },
         {
            category: "self",
            summary: "URL of this CSAF notice",
            url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12469-1.json",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2022-3602 page",
            url: "https://www.suse.com/security/cve/CVE-2022-3602/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2022-36086 page",
            url: "https://www.suse.com/security/cve/CVE-2022-36086/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2022-3786 page",
            url: "https://www.suse.com/security/cve/CVE-2022-3786/",
         },
      ],
      title: "cargo-audit-advisory-db-20221102-1.1 on GA media",
      tracking: {
         current_release_date: "2024-06-15T00:00:00Z",
         generator: {
            date: "2024-06-15T00:00:00Z",
            engine: {
               name: "cve-database.git:bin/generate-csaf.pl",
               version: "1",
            },
         },
         id: "openSUSE-SU-2024:12469-1",
         initial_release_date: "2024-06-15T00:00:00Z",
         revision_history: [
            {
               date: "2024-06-15T00:00:00Z",
               number: "1",
               summary: "Current version",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "cargo-audit-advisory-db-20221102-1.1.aarch64",
                        product: {
                           name: "cargo-audit-advisory-db-20221102-1.1.aarch64",
                           product_id: "cargo-audit-advisory-db-20221102-1.1.aarch64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "aarch64",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "cargo-audit-advisory-db-20221102-1.1.ppc64le",
                        product: {
                           name: "cargo-audit-advisory-db-20221102-1.1.ppc64le",
                           product_id: "cargo-audit-advisory-db-20221102-1.1.ppc64le",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "ppc64le",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "cargo-audit-advisory-db-20221102-1.1.s390x",
                        product: {
                           name: "cargo-audit-advisory-db-20221102-1.1.s390x",
                           product_id: "cargo-audit-advisory-db-20221102-1.1.s390x",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "s390x",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "cargo-audit-advisory-db-20221102-1.1.x86_64",
                        product: {
                           name: "cargo-audit-advisory-db-20221102-1.1.x86_64",
                           product_id: "cargo-audit-advisory-db-20221102-1.1.x86_64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "openSUSE Tumbleweed",
                        product: {
                           name: "openSUSE Tumbleweed",
                           product_id: "openSUSE Tumbleweed",
                           product_identification_helper: {
                              cpe: "cpe:/o:opensuse:tumbleweed",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "SUSE Linux Enterprise",
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "cargo-audit-advisory-db-20221102-1.1.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64",
            },
            product_reference: "cargo-audit-advisory-db-20221102-1.1.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "cargo-audit-advisory-db-20221102-1.1.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le",
            },
            product_reference: "cargo-audit-advisory-db-20221102-1.1.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "cargo-audit-advisory-db-20221102-1.1.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x",
            },
            product_reference: "cargo-audit-advisory-db-20221102-1.1.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "cargo-audit-advisory-db-20221102-1.1.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64",
            },
            product_reference: "cargo-audit-advisory-db-20221102-1.1.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2022-3602",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2022-3602",
            },
         ],
         notes: [
            {
               category: "general",
               text: "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64",
               "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le",
               "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x",
               "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2022-3602",
               url: "https://www.suse.com/security/cve/CVE-2022-3602",
            },
            {
               category: "external",
               summary: "SUSE Bug 1204714 for CVE-2022-3602",
               url: "https://bugzilla.suse.com/1204714",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64",
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le",
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x",
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 8.1,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64",
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le",
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x",
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2024-06-15T00:00:00Z",
               details: "important",
            },
         ],
         title: "CVE-2022-3602",
      },
      {
         cve: "CVE-2022-36086",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2022-36086",
            },
         ],
         notes: [
            {
               category: "general",
               text: "linked_list_allocator is an allocator usable for no_std systems. Prior to version 0.10.2, the heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than `3 * size_of::<usize>` because of metadata write operations. This vulnerability impacts all the initialization functions on the `Heap` and `LockedHeap` types, including `Heap::new`, `Heap::init`, `Heap::init_from_slice`, and `LockedHeap::new`. It also affects multiple uses of the `Heap::extend` method. Version 0.10.2 contains a patch for the issue. As a workaround, ensure that the heap is only initialized with a size larger than `3 * size_of::<usize>` and that the `Heap::extend` method is only called with sizes larger than `2 * size_of::<usize>()`. Also, ensure that the total heap size is (and stays) a multiple of `2 * size_of::<usize>()`.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64",
               "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le",
               "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x",
               "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2022-36086",
               url: "https://www.suse.com/security/cve/CVE-2022-36086",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64",
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le",
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x",
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64",
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le",
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x",
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2024-06-15T00:00:00Z",
               details: "critical",
            },
         ],
         title: "CVE-2022-36086",
      },
      {
         cve: "CVE-2022-3786",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2022-3786",
            },
         ],
         notes: [
            {
               category: "general",
               text: "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64",
               "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le",
               "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x",
               "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2022-3786",
               url: "https://www.suse.com/security/cve/CVE-2022-3786",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64",
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le",
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x",
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64",
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le",
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x",
                  "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2024-06-15T00:00:00Z",
               details: "important",
            },
         ],
         title: "CVE-2022-3786",
      },
   ],
}

cve-2022-3786

Vulnerability from cvelistv5

Published

2022-11-01 00:00

Modified

2024-08-03 01:20

Severity ?

Summary

References

▼	URL	Tags
	https://www.openssl.org/news/secadv/20221101.txt	vendor-advisory
	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a	patch

Impacted products

	Vendor	Product	Version
	OpenSSL	OpenSSL	Version: 3.0.0 ≤

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:20:58.788Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "OpenSSL Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.openssl.org/news/secadv/20221101.txt",
               },
               {
                  name: "3.0.7 git commit",
                  tags: [
                     "patch",
                     "x_transferred",
                  ],
                  url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "OpenSSL",
               vendor: "OpenSSL",
               versions: [
                  {
                     lessThan: "3.0.7",
                     status: "affected",
                     version: "3.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Viktor Dukhovni",
            },
         ],
         datePublic: "2022-11-01T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.</p>",
                  },
               ],
               value: "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.\n\n",
            },
         ],
         metrics: [
            {
               format: "other",
               other: {
                  content: {
                     text: "HIGH",
                  },
                  type: "https://www.openssl.org/policies/secpolicy.html#high",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Buffer overflow",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-04T07:28:32.835Z",
            orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            shortName: "openssl",
         },
         references: [
            {
               name: "OpenSSL Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.openssl.org/news/secadv/20221101.txt",
            },
            {
               name: "3.0.7 git commit",
               tags: [
                  "patch",
               ],
               url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "X.509 Email Address Variable Length Buffer Overflow",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
            importer: "vulnxml2json5.py 2022-11-04 07:19:07.034873",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
      assignerShortName: "openssl",
      cveId: "CVE-2022-3786",
      datePublished: "2022-11-01T00:00:00",
      dateReserved: "2022-11-01T00:00:00",
      dateUpdated: "2024-08-03T01:20:58.788Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36086

Vulnerability from cvelistv5

Published

2022-09-07 22:50

Modified

2024-08-03 09:52

Severity ?

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

linked_list_allocator is an allocator usable for no_std systems. Prior to version 0.10.2, the heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than `3 * size_of::<usize>` because of metadata write operations. This vulnerability impacts all the initialization functions on the `Heap` and `LockedHeap` types, including `Heap::new`, `Heap::init`, `Heap::init_from_slice`, and `LockedHeap::new`. It also affects multiple uses of the `Heap::extend` method. Version 0.10.2 contains a patch for the issue. As a workaround, ensure that the heap is only initialized with a size larger than `3 * size_of::<usize>` and that the `Heap::extend` method is only called with sizes larger than `2 * size_of::<usize>()`. Also, ensure that the total heap size is (and stays) a multiple of `2 * size_of::<usize>()`.

References

▼	URL	Tags
	https://github.com/rust-osdev/linked-list-allocator/security/advisories/GHSA-xg8p-34w2-j49j	x_refsource_CONFIRM
	https://github.com/rust-osdev/linked-list-allocator/commit/013b0758643943e8df5b17bbb495460ff47e8bbf	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	rust-osdev	linked-list-allocator	Version: < 0.10.2

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T09:52:00.524Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/rust-osdev/linked-list-allocator/security/advisories/GHSA-xg8p-34w2-j49j",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/rust-osdev/linked-list-allocator/commit/013b0758643943e8df5b17bbb495460ff47e8bbf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "linked-list-allocator",
               vendor: "rust-osdev",
               versions: [
                  {
                     status: "affected",
                     version: "< 0.10.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "linked_list_allocator is an allocator usable for no_std systems. Prior to version 0.10.2, the heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than `3 * size_of::<usize>` because of metadata write operations. This vulnerability impacts all the initialization functions on the `Heap` and `LockedHeap` types, including `Heap::new`, `Heap::init`, `Heap::init_from_slice`, and `LockedHeap::new`. It also affects multiple uses of the `Heap::extend` method. Version 0.10.2 contains a patch for the issue. As a workaround, ensure that the heap is only initialized with a size larger than `3 * size_of::<usize>` and that the `Heap::extend` method is only called with sizes larger than `2 * size_of::<usize>()`. Also, ensure that the total heap size is (and stays) a multiple of `2 * size_of::<usize>()`.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-119",
                     description: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
            {
               descriptions: [
                  {
                     cweId: "CWE-787",
                     description: "CWE-787: Out-of-bounds Write",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-09-07T22:50:09",
            orgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
            shortName: "GitHub_M",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/rust-osdev/linked-list-allocator/security/advisories/GHSA-xg8p-34w2-j49j",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/rust-osdev/linked-list-allocator/commit/013b0758643943e8df5b17bbb495460ff47e8bbf",
            },
         ],
         source: {
            advisory: "GHSA-xg8p-34w2-j49j",
            discovery: "UNKNOWN",
         },
         title: "linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security-advisories@github.com",
               ID: "CVE-2022-36086",
               STATE: "PUBLIC",
               TITLE: "linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "linked-list-allocator",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "< 0.10.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "rust-osdev",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "linked_list_allocator is an allocator usable for no_std systems. Prior to version 0.10.2, the heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than `3 * size_of::<usize>` because of metadata write operations. This vulnerability impacts all the initialization functions on the `Heap` and `LockedHeap` types, including `Heap::new`, `Heap::init`, `Heap::init_from_slice`, and `LockedHeap::new`. It also affects multiple uses of the `Heap::extend` method. Version 0.10.2 contains a patch for the issue. As a workaround, ensure that the heap is only initialized with a size larger than `3 * size_of::<usize>` and that the `Heap::extend` method is only called with sizes larger than `2 * size_of::<usize>()`. Also, ensure that the total heap size is (and stays) a multiple of `2 * size_of::<usize>()`.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
                        },
                     ],
                  },
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-787: Out-of-bounds Write",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/rust-osdev/linked-list-allocator/security/advisories/GHSA-xg8p-34w2-j49j",
                     refsource: "CONFIRM",
                     url: "https://github.com/rust-osdev/linked-list-allocator/security/advisories/GHSA-xg8p-34w2-j49j",
                  },
                  {
                     name: "https://github.com/rust-osdev/linked-list-allocator/commit/013b0758643943e8df5b17bbb495460ff47e8bbf",
                     refsource: "MISC",
                     url: "https://github.com/rust-osdev/linked-list-allocator/commit/013b0758643943e8df5b17bbb495460ff47e8bbf",
                  },
               ],
            },
            source: {
               advisory: "GHSA-xg8p-34w2-j49j",
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
      assignerShortName: "GitHub_M",
      cveId: "CVE-2022-36086",
      datePublished: "2022-09-07T22:50:09",
      dateReserved: "2022-07-15T00:00:00",
      dateUpdated: "2024-08-03T09:52:00.524Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-3602

Vulnerability from cvelistv5

Published

2022-11-01 00:00

Modified

2024-08-03 01:14

Severity ?

Summary

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).

References

▼	URL	Tags
	https://www.openssl.org/news/secadv/20221101.txt
	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3
	http://www.openwall.com/lists/oss-security/2022/11/01/15	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/01/16	mailing-list
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a	vendor-advisory
	http://www.openwall.com/lists/oss-security/2022/11/01/21	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/01/19	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/01/18	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/01/20	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/01/24	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/01/17	mailing-list
	https://security.gentoo.org/glsa/202211-01	vendor-advisory
	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023
	https://www.kb.cert.org/vuls/id/794340	third-party-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/	vendor-advisory
	http://www.openwall.com/lists/oss-security/2022/11/02/2	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/02/6	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/02/5	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/02/1	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/02/3	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/02/7	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/02/10	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/02/9	mailing-list
	http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html
	http://www.openwall.com/lists/oss-security/2022/11/02/12	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/02/11	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/02/15	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/02/14	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/02/13	mailing-list
	https://security.netapp.com/advisory/ntap-20221102-0001/
	http://www.openwall.com/lists/oss-security/2022/11/03/1	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/03/2	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/03/3	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/03/5	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/03/7	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/03/6	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/03/9	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/03/10	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/03/11	mailing-list

Impacted products

	Vendor	Product	Version
	OpenSSL	OpenSSL	Version: Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6)

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T01:14:02.712Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.openssl.org/news/secadv/20221101.txt",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3",
               },
               {
                  name: "[oss-security] 20221101 OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/01/15",
               },
               {
                  name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/01/16",
               },
               {
                  name: "20221028 Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a",
               },
               {
                  name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/01/21",
               },
               {
                  name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/01/19",
               },
               {
                  name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/01/18",
               },
               {
                  name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/01/20",
               },
               {
                  name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/01/24",
               },
               {
                  name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/01/17",
               },
               {
                  name: "GLSA-202211-01",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202211-01",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023",
               },
               {
                  name: "VU#794340",
                  tags: [
                     "third-party-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.kb.cert.org/vuls/id/794340",
               },
               {
                  name: "FEDORA-2022-0f1d2e0537",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/",
               },
               {
                  name: "FEDORA-2022-502f096dce",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/",
               },
               {
                  name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/02/2",
               },
               {
                  name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/02/6",
               },
               {
                  name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/02/5",
               },
               {
                  name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/02/1",
               },
               {
                  name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/02/3",
               },
               {
                  name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/02/7",
               },
               {
                  name: "[oss-security] 20221102 Re: Fwd: Node.js security updates for all active release lines, November 2022",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/02/10",
               },
               {
                  name: "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/02/9",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html",
               },
               {
                  name: "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/02/12",
               },
               {
                  name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/02/11",
               },
               {
                  name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/02/15",
               },
               {
                  name: "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/02/14",
               },
               {
                  name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/02/13",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20221102-0001/",
               },
               {
                  name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/03/1",
               },
               {
                  name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/03/2",
               },
               {
                  name: "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/03/3",
               },
               {
                  name: "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/03/5",
               },
               {
                  name: "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/03/7",
               },
               {
                  name: "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/03/6",
               },
               {
                  name: "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/03/9",
               },
               {
                  name: "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/03/10",
               },
               {
                  name: "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/03/11",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "OpenSSL",
               vendor: "OpenSSL",
               versions: [
                  {
                     status: "affected",
                     version: "Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6)",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Polar Bear",
            },
         ],
         datePublic: "2022-11-01T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     lang: "eng",
                     url: "https://www.openssl.org/policies/secpolicy.html#HIGH",
                     value: "HIGH",
                  },
                  type: "unknown",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Buffer overflow",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-03T00:00:00",
            orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            shortName: "openssl",
         },
         references: [
            {
               url: "https://www.openssl.org/news/secadv/20221101.txt",
            },
            {
               url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3",
            },
            {
               name: "[oss-security] 20221101 OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/01/15",
            },
            {
               name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/01/16",
            },
            {
               name: "20221028 Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a",
            },
            {
               name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/01/21",
            },
            {
               name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/01/19",
            },
            {
               name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/01/18",
            },
            {
               name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/01/20",
            },
            {
               name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/01/24",
            },
            {
               name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/01/17",
            },
            {
               name: "GLSA-202211-01",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202211-01",
            },
            {
               url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023",
            },
            {
               name: "VU#794340",
               tags: [
                  "third-party-advisory",
               ],
               url: "https://www.kb.cert.org/vuls/id/794340",
            },
            {
               name: "FEDORA-2022-0f1d2e0537",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/",
            },
            {
               name: "FEDORA-2022-502f096dce",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/",
            },
            {
               name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/02/2",
            },
            {
               name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/02/6",
            },
            {
               name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/02/5",
            },
            {
               name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/02/1",
            },
            {
               name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/02/3",
            },
            {
               name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/02/7",
            },
            {
               name: "[oss-security] 20221102 Re: Fwd: Node.js security updates for all active release lines, November 2022",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/02/10",
            },
            {
               name: "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/02/9",
            },
            {
               url: "http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html",
            },
            {
               name: "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/02/12",
            },
            {
               name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/02/11",
            },
            {
               name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/02/15",
            },
            {
               name: "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/02/14",
            },
            {
               name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/02/13",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20221102-0001/",
            },
            {
               name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/03/1",
            },
            {
               name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/03/2",
            },
            {
               name: "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/03/3",
            },
            {
               name: "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/03/5",
            },
            {
               name: "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/03/7",
            },
            {
               name: "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/03/6",
            },
            {
               name: "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/03/9",
            },
            {
               name: "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/03/10",
            },
            {
               name: "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/03/11",
            },
         ],
         title: "X.509 Email Address 4-byte Buffer Overflow",
      },
   },
   cveMetadata: {
      assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
      assignerShortName: "openssl",
      cveId: "CVE-2022-3602",
      datePublished: "2022-11-01T00:00:00",
      dateReserved: "2022-10-19T00:00:00",
      dateUpdated: "2024-08-03T01:14:02.712Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_opensuse

cve-2022-3786

Vulnerability from cvelistv5

cve-2022-36086

Vulnerability from cvelistv5

cve-2022-3602

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature