Lucene search

China National Vulnerability DatabaseCNVD-2022-73349

HistoryNov 03, 2022 - 12:00 a.m.

OpenSSL Denial of Service Vulnerability (CNVD-2022-73349)

2022-11-0300:00:00

China National Vulnerability Database

www.cnvd.org.cn

openssl

denial of service

vulnerability

malicious email address

certificate

service crash

tls protocol

cryptographic library

computer networks

eavesdropping

0.001 Low

EPSS

Percentile

47.4%

JSON

OpenSSL is a powerful, commercial-grade, full-featured open source toolkit for the Transport Layer Security (TLS) protocol, which is implemented based on the Full Strength Common Cryptographic Library for protecting communications on computer networks from eavesdropping and is widely used by Internet servers. openSSL suffers from a denial-of-service vulnerability that could be exploited by an attacker to craft a certificate containing a malicious email address to overflow containing “.” to cause a service crash.

CPENameOperatorVersion
OpenSSL OpenSSL 3.*，lt3.0.7

CPE	Name	Operator	Version
	OpenSSL OpenSSL 3.*，	lt	3.0.7

nvd

CVE-2022-3786

2022-11-01 18:15:11

alpinelinux

CVE-2022-3786

2022-11-01 18:15:11

veracode

Buffer Overflow

2022-11-01 19:44:02

cvelist

CVE-2022-3786 X.509 Email Address Variable Length Buffer Overflow

2022-11-01 00:00:00

osv

CVE-2022-3786

2022-11-01 18:15:11

BIT-node-2022-3786

2024-03-06 11:02:40

X.509 Email Address Variable Length Buffer Overflow

2022-11-01 17:45:21

debiancve

CVE-2022-3786

2022-11-01 18:15:11

wolfi

CVE-2022-3786 vulnerabilities

2024-07-01 09:08:36

cgr

CVE-2022-3786 vulnerabilities

2024-05-19 03:07:16

prion

Stack overflow

2022-11-01 18:15:00

rustsec

X.509 Email Address Variable Length Buffer Overflow

2022-11-01 12:00:00

cve

CVE-2022-3786

2022-11-01 18:15:11

openssl

Vulnerability in OpenSSL CVE-2022-3786

2022-11-01 00:00:00

githubexploit

Exploit for Classic Buffer Overflow in Openssl

2022-12-13 16:43:01

redhatcve

CVE-2022-3786

2022-11-01 16:26:08

checkpoint_advisories

OpenSSL Buffer Overflow (CVE-2022-3786)

2022-11-03 00:00:00

OpenSSL Buffer Overflow (CVE-2022-3602; CVE-2022-3786)

2022-11-03 00:00:00

github

X.509 Email Address Variable Length Buffer Overflow

2022-11-01 17:45:21

ics

Hitachi Energy PCU400

2023-01-19 12:00:00

Siemens Products affected by OpenSSL 3.0

2022-12-15 12:00:00

Hitachi Energy Lumada Asset Performance Management

2023-01-05 12:00:00

OpenSSL vulnerabilities CVE-2022-3786 and CVE-2022-3602

2022-10-28 17:31:00

rocky

openssl security update

2022-11-01 18:25:07

redhat

(RHSA-2022:7288) Important: openssl security update

2022-11-01 18:25:07

(RHSA-2022:7384) Important: openssl-container security update

2022-11-02 18:29:10

(RHSA-2023:0786) Important: Network observability 1.1.0 security update

2023-02-15 11:39:53

ibm

Security Bulletin: IBM MQ Advanced Message Security on IBM i platforms is affected by a buffer overflow issue in OpenSSL (CVE-2022-3602, CVE-2022-3786)

2022-11-04 12:45:04

Security Bulletin: IBM Observability with Instana (OnPrem) affected by OpenSSL vulnerabilities.

2023-03-07 09:44:53

Security Bulletin: Vulnerabilities in OpenSSL may affect IBM Spectrum Protect Plus (CVE-2022-3602, CVE-2022-3786)

2023-05-30 17:46:44

msrc

OpenSSL 3.0 ~ 3.0.6 のリスク (CVE-2022-3786 および CVE-2202-3602) に関する認識とガイダンス

2022-11-03 07:00:00

Awareness and guidance related to OpenSSL 3.0 – 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)

2022-11-03 00:46:06

Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)

2022-11-02 07:00:00

openvas

Fedora: Security Advisory for openssl (FEDORA-2022-0f1d2e0537)

2022-11-03 00:00:00

Fedora: Security Advisory for openssl (FEDORA-2022-502f096dce)

2022-11-02 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:4586-1)

2022-12-21 00:00:00

oraclelinux

openssl security update

2022-11-01 00:00:00

openssl security update

2022-11-01 00:00:00

openssl security update

2022-11-17 00:00:00

gentoo

OpenSSL: Multiple Vulnerabilities

2022-11-01 00:00:00

Node.js: Multiple Vulnerabilities

2024-05-08 00:00:00

amd

OpenSSL Vulnerabilities

2023-08-08 00:00:00

nessus

AlmaLinux 9 : openssl (ALSA-2022:7288)

2022-11-02 00:00:00

GLSA-202211-01 : OpenSSL: Multiple Vulnerabilities

2022-11-02 00:00:00

Tenable Nessus Agent 10.x < 10.2.1 Multiple Vulnerabilities (TNS-2022-22)

2022-11-04 00:00:00

nvidia

Security Notice: NVIDIA Response to OpenSSL Vulnerabilities - November 2022

2022-11-01 00:00:00

hivepro

Patch available for pre-announced Critical Vulnerability in OpenSSL

2022-11-02 07:27:54

photon

Important Photon OS Security Update - PHSA-2022-0272

2022-11-02 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0272

2022-11-02 00:00:00

Critical Photon OS Security Update - PHSA-2023-5.0-0011

2023-05-24 00:00:00

mscve

OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun

2022-11-02 07:00:00

OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun

2022-11-02 07:00:00

intel

Intel® Software Products Advisory for OpenSSL Vulnerabilities (CVE-2022-3786 & CVE-2022-3602) Advisory

2023-02-02 00:00:00

akamaiblog

An update on the impact of OpenSSL CVE-2022-3602 and CVE-2022-3786 on Akamai's systems

2022-11-07 10:00:00

kaspersky

KLA20036 Multiple vulnerabilities in Microsoft Azure

2022-11-02 00:00:00

KLA20037 Multiple vulnerabilities in Microsoft Open Source Software

2022-11-02 00:00:00

fedora

[SECURITY] Fedora 36 Update: openssl-3.0.5-2.fc36

2022-11-02 01:50:12

[SECURITY] Fedora 37 Update: openssl-3.0.5-3.fc37

2022-11-02 02:01:31

ubuntucve

CVE-2022-3786

2022-11-01 00:00:00

cisa

OpenSSL Releases Security Update

2022-11-01 00:00:00

freebsd

OpenSSL -- Buffer overflows in Email verification

2022-11-01 00:00:00

arista

Security Advisory 0081

2022-11-01 00:00:00

talosblog

Threat Advisory: High Severity OpenSSL Vulnerabilities

2022-11-01 19:03:49

cisco

Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022

2022-10-28 16:00:00

almalinux

Important: openssl security update

2022-11-01 00:00:00

rapid7blog

CVE-2022-3786 and CVE-2022-3602: Two High-Severity Buffer Overflow Vulnerabilities in OpenSSL Fixed

2022-11-01 16:38:53

Rapid7’s Impact from OpenSSL Buffer Overflow Vulnerabilities (CVE-2022-3786 & CVE-2022-3602)

2022-11-11 13:41:22

Year in Review: Rapid7 Vulnerability Management

2023-01-09 17:00:00

fortinet

Protect

2022-10-28 00:00:00

wizblog

OpenSSL vulnerabilities: Everything you need to know

2022-10-29 04:11:46

qualysblog

Qualys Research Alert: OpenSSL 3.0.7 – What You Need To Know

2022-10-31 14:15:52

OpenSSL Vulnerability Recap

2022-11-03 17:00:00

November 2022 Patch Tuesday | Microsoft Releases 65 New Vulnerabilities with 10 Critical; Adobe Releases Zero Advisories (for the first time in six years).

2022-11-08 21:00:00

trellix

CVE-2023-0286: The OpenSSL Who Cried “Severity: High

2023-02-09 00:00:00

CVE-2023-0286: The OpenSSL Who Cried “Severity: High

2023-02-09 00:00:00

OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602

2022-11-01 00:00:00

suse

Security update for openssl-3 (critical)

2022-11-01 00:00:00

ubuntu

OpenSSL vulnerabilities

2022-11-01 00:00:00

nodejsblog

Nov 3 2022 Security Releases

2022-11-01 00:00:00

aix

Multiple vulnerabilities in OpenSSL affect AIX

2023-01-24 09:22:21

cert

OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly

2022-11-01 00:00:00

thn

OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities

2022-11-01 16:26:00

oracle

Oracle Critical Patch Update Advisory - January 2024

2024-01-16 00:00:00

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

0.001 Low

EPSS

Percentile

47.4%

JSON

OpenSSL Denial of Service Vulnerability (CNVD-2022-73349)

Related