wid-sec-w-2022-1922
Vulnerability from csaf_certbund
Published
2022-11-01 23:00
Modified
2024-06-04 22:00
Summary
OpenSSL: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Zustand herbeizuführen und potenziell um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Appliance
- CISCO Appliance
- F5 Networks
- Hardware Appliance
- Juniper Appliance
- Linux
- MacOS X
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren und potenziell um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Appliance\n- CISCO Appliance\n- F5 Networks\n- Hardware Appliance\n- Juniper Appliance\n- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1922 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1922.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1922 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1922"
},
{
"category": "external",
"summary": "OpenSSL Security Advisory vom 2022-11-01",
"url": "https://www.openssl.org/news/secadv/20221101.txt"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7288 vom 2022-11-01",
"url": "https://access.redhat.com/errata/RHSA-2022:7288"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-157 vom 2022-11-01",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-157.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7288 vom 2022-11-01",
"url": "https://linux.oracle.com/errata/ELSA-2022-7288.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3843-1 vom 2022-11-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/012796.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202211-01 vom 2022-11-01",
"url": "https://security.gentoo.org/glsa/202211-01"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5710-1 vom 2022-11-01",
"url": "https://ubuntu.com/security/notices/USN-5710-1"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2022-11-01",
"url": "https://supportportal.juniper.net/s/article/2022-11-Out-of-Cycle-Security-Bulletin-High-severity-security-issues-resolved-in-OpenSSL-3-0-7-CVE-2022-3602-CVE-2022-3786"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-openssl-W9sdCc2a vom 2022-11-01",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a"
},
{
"category": "external",
"summary": "PoC",
"url": "https://github.com/micr0sh0ft/certscare-openssl3-exploit"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2022-22 vom 2022-11-02",
"url": "https://www.cybersecurity-help.cz/vdb/SB2022110251"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7384 vom 2022-11-03",
"url": "https://access.redhat.com/errata/RHSA-2022:7384"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2022-24 vom 2022-11-03",
"url": "https://www.tenable.com/security/tns-2022-24"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2022-22 vom 2022-11-02",
"url": "https://www.tenable.com/security/tns-2022-22"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2022-23 vom 2022-11-03",
"url": "https://www.tenable.com/security/tns-2022-23"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20221102-0001 vom 2022-11-02",
"url": "https://security.netapp.com/advisory/ntap-20221102-0001/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6837195 vom 2022-11-05",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-advanced-message-security-on-ibm-i-platforms-is-affected-by-a-buffer-overflow-issue-in-openssl-cve-2022-3602-cve-2022-3786/"
},
{
"category": "external",
"summary": "node.js Security Release",
"url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/"
},
{
"category": "external",
"summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2022-11-02",
"url": "https://msrc.microsoft.com/update-guide"
},
{
"category": "external",
"summary": "Unify Security Advisory Report OBSO-2211-01 vom 2022-11-08",
"url": "https://networks.unify.com/security/advisories/OBSO-2211-01.pdf"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2022-25 vom 2022-11-08",
"url": "https://www.tenable.com/security/tns-2022-25"
},
{
"category": "external",
"summary": "Alcatel-Lucent Security Advisory",
"url": "https://app.conversation.al-enterprise.com/e/er?s=138097979\u0026lid=16028"
},
{
"category": "external",
"summary": "SolarWinds Trust Center Security Advisories",
"url": "https://www.solarwinds.com/de/trust-center/security-advisories/cve-2022-3602-and-cve-2022-3786"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-10004 vom 2022-11-17",
"url": "https://linux.oracle.com/errata/ELSA-2022-10004.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4586-1 vom 2022-12-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013293.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6857295 vom 2023-01-24",
"url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory37.asc"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6999285 vom 2023-05-30",
"url": "https://www.ibm.com/support/pages/node/6999285"
},
{
"category": "external",
"summary": "Lenovo Security Advisory LEN-106015 vom 2023-08-09",
"url": "https://support.lenovo.com/us/en/product_security/LEN-106015"
},
{
"category": "external",
"summary": "AMD Security Bulletin AMD-SB-7001 vom 2023-08-09",
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7001.html"
},
{
"category": "external",
"summary": "HPE Securi+y Bulletin",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-hpesbst04494en_us"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-286 vom 2024-01-23",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2023-286.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12343 vom 2024-04-25",
"url": "https://linux.oracle.com/errata/ELSA-2024-12343.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-20865 vom 2024-04-25",
"url": "https://linux.oracle.com/errata/ELSA-2024-20865.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-23120 vom 2024-06-04",
"url": "https://linux.oracle.com/errata/ELSA-2024-23120.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12409 vom 2024-06-04",
"url": "https://linux.oracle.com/errata/ELSA-2024-12409.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12408 vom 2024-06-05",
"url": "https://linux.oracle.com/errata/ELSA-2024-12408.html"
}
],
"source_lang": "en-US",
"title": "OpenSSL: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-06-04T22:00:00.000+00:00",
"generator": {
"date": "2024-06-05T08:08:36.961+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2022-1922",
"initial_release_date": "2022-11-01T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-11-01T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-11-02T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Tenable, Red Hat und NetApp aufgenommen"
},
{
"date": "2022-11-06T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-11-08T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Unify und Tenable aufgenommen"
},
{
"date": "2022-11-10T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2022-11-17T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-12-20T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-01-24T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-05-30T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-08-08T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von LENOVO und AMD aufgenommen"
},
{
"date": "2023-08-13T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2024-01-22T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-04-24T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-06-04T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "14"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "AMD Radeon",
"product": {
"name": "AMD Radeon",
"product_id": "T029174",
"product_identification_helper": {
"cpe": "cpe:/h:amd:radeon:-"
}
}
}
],
"category": "vendor",
"name": "AMD"
},
{
"branches": [
{
"category": "product_name",
"name": "Alcatel Lucent Enterprise OmniSwitch",
"product": {
"name": "Alcatel Lucent Enterprise OmniSwitch",
"product_id": "T017286",
"product_identification_helper": {
"cpe": "cpe:/h:alcatel-lucent:omniswitch:-"
}
}
}
],
"category": "vendor",
"name": "Alcatel Lucent Enterprise"
},
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Broadcom Brocade Switch",
"product": {
"name": "Broadcom Brocade Switch",
"product_id": "T015844",
"product_identification_helper": {
"cpe": "cpe:/h:brocade:switch:-"
}
}
}
],
"category": "vendor",
"name": "Broadcom"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Switch",
"product": {
"name": "HPE Switch",
"product_id": "T005119",
"product_identification_helper": {
"cpe": "cpe:/h:hp:switch:-"
}
}
}
],
"category": "vendor",
"name": "HPE"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM AIX",
"product": {
"name": "IBM AIX",
"product_id": "5094",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "9.3 LTS",
"product": {
"name": "IBM MQ 9.3 LTS",
"product_id": "T024689",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:9.3_lts"
}
}
}
],
"category": "product_name",
"name": "MQ"
},
{
"branches": [
{
"category": "product_version_range",
"name": "plus \u003c10.1.14",
"product": {
"name": "IBM Spectrum Protect plus \u003c10.1.14",
"product_id": "T027906",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect:plus__10.1.14"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Evolved",
"product": {
"name": "Juniper JUNOS Evolved",
"product_id": "T018886",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:evolved"
}
}
}
],
"category": "product_name",
"name": "JUNOS"
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"category": "product_name",
"name": "Lenovo Computer",
"product": {
"name": "Lenovo Computer",
"product_id": "T026557",
"product_identification_helper": {
"cpe": "cpe:/h:lenovo:computer:-"
}
}
}
],
"category": "vendor",
"name": "Lenovo"
},
{
"branches": [
{
"category": "product_name",
"name": "Microsoft Windows Azure",
"product": {
"name": "Microsoft Windows Azure",
"product_id": "T010156",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:windows_azure:-"
}
}
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp Data ONTAP",
"product": {
"name": "NetApp Data ONTAP",
"product_id": "7654",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:data_ontap:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c14.21.1",
"product": {
"name": "Open Source Node.js \u003c14.21.1",
"product_id": "T025226",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:14.21.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c16.18.1",
"product": {
"name": "Open Source Node.js \u003c16.18.1",
"product_id": "T025228",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:16.18.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c18.12.1",
"product": {
"name": "Open Source Node.js \u003c18.12.1",
"product_id": "T025229",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:18.12.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c19.0.1",
"product": {
"name": "Open Source Node.js \u003c19.0.1",
"product_id": "T025230",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:19.0.1"
}
}
}
],
"category": "product_name",
"name": "Node.js"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=3.0.0",
"product": {
"name": "Open Source OpenSSL \u003e=3.0.0",
"product_id": "T021310",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.0.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.0.7",
"product": {
"name": "Open Source OpenSSL \u003c3.0.7",
"product_id": "T025170",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.0.7"
}
}
}
],
"category": "product_name",
"name": "OpenSSL"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "T015361",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "15.3.1",
"product": {
"name": "SolarWinds Serv-U Managed File Transfer Server 15.3.1",
"product_id": "1174338",
"product_identification_helper": {
"cpe": "cpe:/a:solarwinds:serv-u:15.3.1"
}
}
}
],
"category": "product_name",
"name": "Serv-U Managed File Transfer Server"
}
],
"category": "vendor",
"name": "SolarWinds"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Agent 10.0.0-10.2.0",
"product": {
"name": "Tenable Security Nessus Agent 10.0.0-10.2.0",
"product_id": "T025191",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus:agent_10.0.0_-_10.2.0"
}
}
},
{
"category": "product_version",
"name": "10.3.2",
"product": {
"name": "Tenable Security Nessus 10.3.2",
"product_id": "T025192",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus:10.3.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.4.1",
"product": {
"name": "Tenable Security Nessus \u003c10.4.1",
"product_id": "T025193",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus:10.4.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003cnetwork monitor 6.1.1",
"product": {
"name": "Tenable Security Nessus \u003cnetwork monitor 6.1.1",
"product_id": "T025264",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus:network_monitor_6.1.1"
}
}
}
],
"category": "product_name",
"name": "Nessus"
}
],
"category": "vendor",
"name": "Tenable Security"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e10.4.8.2",
"product": {
"name": "Unify OpenScape UC Application \u003e10.4.8.2",
"product_id": "T025257",
"product_identification_helper": {
"cpe": "cpe:/a:unify:openscape_uc_application:10.4.8.2"
}
}
}
],
"category": "product_name",
"name": "OpenScape UC Application"
}
],
"category": "vendor",
"name": "Unify"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3602",
"notes": [
{
"category": "description",
"text": "In OpenSSL existieren mehrere Schwachstellen aufgrund von zwei Puffer\u00fcberlauffehlern bei der Verarbeitung von E-Mailadressen. Diese k\u00f6nnen ausgel\u00f6st werden, wenn Name Constraints gepr\u00fcft werden. Die Pr\u00fcfung erfolgt jedoch erst, nachdem die Zertifikatskette grundlegend validiert wurde. F\u00fcr einen erfolgreichen Angriff muss eine beim Opfer als vertrauensw\u00fcrdig eingestufte CA ein b\u00f6sartig gestaltetes Zertifikat ausstellen, welches beim Angriff durch das Opfersystem validiert werden muss. Dadurch kann ein Angreifer einen Denial of Service Zustand herbeif\u00fchren oder potenziell Code ausf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T025193",
"T029174",
"67646",
"T025192",
"T015844",
"T025191",
"T010156",
"T004914",
"T015361",
"T018886",
"T024689",
"T025257",
"398363",
"T025230",
"7654",
"T005119",
"T012167",
"5094",
"T017286",
"T027906",
"T002207",
"T025228",
"1174338",
"T000126",
"T025229",
"T025226",
"T026557",
"T025264"
]
},
"release_date": "2022-11-01T23:00:00Z",
"title": "CVE-2022-3602"
},
{
"cve": "CVE-2022-3786",
"notes": [
{
"category": "description",
"text": "In OpenSSL existieren mehrere Schwachstellen aufgrund von zwei Puffer\u00fcberlauffehlern bei der Verarbeitung von E-Mailadressen. Diese k\u00f6nnen ausgel\u00f6st werden, wenn Name Constraints gepr\u00fcft werden. Die Pr\u00fcfung erfolgt jedoch erst, nachdem die Zertifikatskette grundlegend validiert wurde. F\u00fcr einen erfolgreichen Angriff muss eine beim Opfer als vertrauensw\u00fcrdig eingestufte CA ein b\u00f6sartig gestaltetes Zertifikat ausstellen, welches beim Angriff durch das Opfersystem validiert werden muss. Dadurch kann ein Angreifer einen Denial of Service Zustand herbeif\u00fchren oder potenziell Code ausf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T025193",
"T029174",
"67646",
"T025192",
"T015844",
"T025191",
"T010156",
"T004914",
"T015361",
"T018886",
"T024689",
"T025257",
"398363",
"T025230",
"7654",
"T005119",
"T012167",
"5094",
"T017286",
"T027906",
"T002207",
"T025228",
"1174338",
"T000126",
"T025229",
"T025226",
"T026557",
"T025264"
]
},
"release_date": "2022-11-01T23:00:00Z",
"title": "CVE-2022-3786"
}
]
}
Loading...