GoogleOSV:GHSA-H8JM-2X53-XHP5X.509 Email Address Variable Length Buffer Overflow
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
47.2%
A buffer overrun can be triggered in X.509 certificate verification,
specifically in name constraint checking. Note that this occurs after
certificate chain signature verification and requires either a CA to
have signed a malicious certificate or for an application to continue
certificate verification despite failure to construct a path to a trusted
issuer. An attacker can craft a malicious email address in a certificate
to overflow an arbitrary number of bytes containing the . character
(decimal 46) on the stack. This buffer overflow could result in a crash
(causing a denial of service).
In a TLS client, this can be triggered by connecting to a malicious
server. In a TLS server, this can be triggered if the server requests
client authentication and a malicious client connects.
References
packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html
www.openwall.com/lists/oss-security/2022/11/01/15
www.openwall.com/lists/oss-security/2022/11/01/16
www.openwall.com/lists/oss-security/2022/11/01/17
www.openwall.com/lists/oss-security/2022/11/01/18
www.openwall.com/lists/oss-security/2022/11/01/19
www.openwall.com/lists/oss-security/2022/11/01/20
www.openwall.com/lists/oss-security/2022/11/01/21
www.openwall.com/lists/oss-security/2022/11/01/24
www.openwall.com/lists/oss-security/2022/11/02/1
www.openwall.com/lists/oss-security/2022/11/02/10
www.openwall.com/lists/oss-security/2022/11/02/11
www.openwall.com/lists/oss-security/2022/11/02/12
www.openwall.com/lists/oss-security/2022/11/02/13
www.openwall.com/lists/oss-security/2022/11/02/14
www.openwall.com/lists/oss-security/2022/11/02/15
www.openwall.com/lists/oss-security/2022/11/02/2
www.openwall.com/lists/oss-security/2022/11/02/3
www.openwall.com/lists/oss-security/2022/11/02/5
www.openwall.com/lists/oss-security/2022/11/02/6
www.openwall.com/lists/oss-security/2022/11/02/7
www.openwall.com/lists/oss-security/2022/11/02/9
www.openwall.com/lists/oss-security/2022/11/03/1
www.openwall.com/lists/oss-security/2022/11/03/10
www.openwall.com/lists/oss-security/2022/11/03/11
www.openwall.com/lists/oss-security/2022/11/03/2
www.openwall.com/lists/oss-security/2022/11/03/3
www.openwall.com/lists/oss-security/2022/11/03/5
www.openwall.com/lists/oss-security/2022/11/03/6
www.openwall.com/lists/oss-security/2022/11/03/7
www.openwall.com/lists/oss-security/2022/11/03/9
git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=c42165b5706e42f67ef8ef4c351a9a4c5d21639a
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a
github.com/alexcrichton/openssl-src-rs
github.com/alexcrichton/openssl-src-rs/commit/4a31c14f31e1a08c18893a37e304dd1dd4b7daa3
github.com/openssl/openssl/commit/fe3b639dc19b325846f4f6801f2f4604f56e3de3
github.com/rustsec/advisory-db/pull/1452
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS
lists.fedoraproject.org/archives/list/[email protected]/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S
lists.fedoraproject.org/archives/list/[email protected]/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS
nvd.nist.gov/vuln/detail/CVE-2022-3786
psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023
rustsec.org/advisories/RUSTSEC-2022-0065.html
security.gentoo.org/glsa/202211-01
security.netapp.com/advisory/ntap-20221102-0001
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a
www.kb.cert.org/vuls/id/794340
www.openssl.org/news/secadv/20221101.txt
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
47.2%