CVE-2022-3786

Published Nov 1, 2022

Last updated a year ago

CVSS high 7.5

Overview

Description: A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.
Source: openssl-security@openssl.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-120

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE1F59CA-02F2-4374-A129-18713496B58B",
            "versionEndExcluding": "3.0.7",
            "versionStartIncluding": "3.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAC42CA8-8B01-4A19-A83C-A7D4D08E5E43",
            "versionEndExcluding": "18.11.0",
            "versionStartIncluding": "18.0.0"
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:18.12.0:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B1F87EE-4E30-4832-BF01-8501E94380EE"
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:19.0.0:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F568BBC5-0D8E-499C-9F3E-DDCE5F10F9D5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References