A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.’ character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

CPENameOperatorVersion
fedoraeq36
fedoraeq37
node.jseq19.0.0
node.jseq18.12.0
node.jsge18.0.0
node.jslt18.11.0
opensslge3.0.0
openssllt3.0.7

Name	Operator	Version
fedora	eq	36
fedora	eq	37
node.js	eq	19.0.0
node.js	eq	18.12.0
node.js	ge	18.0.0
node.js	lt	18.11.0
openssl	ge	3.0.0
openssl	lt	3.0.7

References

git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a

www.openssl.org/news/secadv/20221101.txt

veracode 1

nvd 1

alpinelinux 1

cvelist 1

osv 7

cnvd 1

debiancve 1

wolfi 1

cgr 1

rustsec 1

cve 1

redhatcve 1

checkpoint_advisories 2

github 1

openssl 1

githubexploit 1

ics 4

rocky 1

redhat 3

openvas 11

msrc 4

gentoo 2

oraclelinux 3

f5 1

ibm 12

fedora 2

nessus 26

arista 1

cisco 1

talosblog 1

cisa 1

ubuntucve 1

freebsd 1

almalinux 1

intel 1

akamaiblog 1

hivepro 1

nvidia 1

mscve 2

amd 1

photon 3

kaspersky 2

rapid7blog 4

fortinet 1

qualysblog 3

wizblog 1

trellix 6

suse 1

ubuntu 1

nodejsblog 1

aix 1

cert 1

thn 1

oracle 4

veracode

Buffer Overflow

2022-11-01 19:44:02

nvd

CVE-2022-3786

2022-11-01 18:15:11

alpinelinux

CVE-2022-3786

2022-11-01 18:15:11

cvelist

CVE-2022-3786 X.509 Email Address Variable Length Buffer Overflow

2022-11-01 00:00:00

osv

BIT-node-2022-3786

2024-03-06 11:02:40

CVE-2022-3786

2022-11-01 18:15:11

X.509 Email Address Variable Length Buffer Overflow

2022-11-01 17:45:21

cnvd

OpenSSL Denial of Service Vulnerability (CNVD-2022-73349)

2022-11-03 00:00:00

debiancve

CVE-2022-3786

2022-11-01 18:15:11

wolfi

CVE-2022-3786 vulnerabilities

2024-07-01 09:08:36

cgr

CVE-2022-3786 vulnerabilities

2024-05-19 03:07:16

rustsec

X.509 Email Address Variable Length Buffer Overflow

2022-11-01 12:00:00

cve

CVE-2022-3786

2022-11-01 18:15:11

redhatcve

CVE-2022-3786

2022-11-01 16:26:08

checkpoint_advisories

OpenSSL Buffer Overflow (CVE-2022-3786)

2022-11-03 00:00:00

OpenSSL Buffer Overflow (CVE-2022-3602; CVE-2022-3786)

2022-11-03 00:00:00

github

X.509 Email Address Variable Length Buffer Overflow

2022-11-01 17:45:21

openssl

Vulnerability in OpenSSL CVE-2022-3786

2022-11-01 00:00:00

githubexploit

Exploit for Classic Buffer Overflow in Openssl

2022-12-13 16:43:01

ics

Hitachi Energy PCU400

2023-01-19 12:00:00

Siemens Products affected by OpenSSL 3.0

2022-12-15 12:00:00

Hitachi Energy Lumada Asset Performance Management

2023-01-05 12:00:00

rocky

openssl security update

2022-11-01 18:25:07

redhat

(RHSA-2022:7288) Important: openssl security update

2022-11-01 18:25:07

(RHSA-2022:7384) Important: openssl-container security update

2022-11-02 18:29:10

(RHSA-2023:0786) Important: Network observability 1.1.0 security update

2023-02-15 11:39:53

openvas

Fedora: Security Advisory for openssl (FEDORA-2022-0f1d2e0537)

2022-11-03 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:4586-1)

2022-12-21 00:00:00

Tenable Nessus Network Monitor < 6.1.1 Multiple Vulnerabilities (TNS-2022-25)

2022-12-20 00:00:00

msrc

OpenSSL 3.0 ~ 3.0.6 のリスク (CVE-2022-3786 および CVE-2202-3602) に関する認識とガイダンス

2022-11-03 07:00:00

Awareness and guidance related to OpenSSL 3.0 – 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)

2022-11-03 00:46:06

Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)

2022-11-02 07:00:00

gentoo

OpenSSL: Multiple Vulnerabilities

2022-11-01 00:00:00

Node.js: Multiple Vulnerabilities

2024-05-08 00:00:00

oraclelinux

openssl security update

2022-11-01 00:00:00

openssl security update

2022-11-01 00:00:00

openssl security update

2022-11-17 00:00:00

OpenSSL vulnerabilities CVE-2022-3786 and CVE-2022-3602

2022-10-28 17:31:00

ibm

Security Bulletin: IBM MQ Advanced Message Security on IBM i platforms is affected by a buffer overflow issue in OpenSSL (CVE-2022-3602, CVE-2022-3786)

2022-11-04 12:45:04

Security Bulletin: IBM Observability with Instana (OnPrem) affected by OpenSSL vulnerabilities.

2023-03-07 09:44:53

Security Bulletin: Vulnerabilities in OpenSSL may affect IBM Spectrum Protect Plus (CVE-2022-3602, CVE-2022-3786)

2023-05-30 17:46:44

fedora

[SECURITY] Fedora 36 Update: openssl-3.0.5-2.fc36

2022-11-02 01:50:12

[SECURITY] Fedora 37 Update: openssl-3.0.5-3.fc37

2022-11-02 02:01:31

nessus

Tenable Nessus Agent 10.x < 10.2.1 Multiple Vulnerabilities (TNS-2022-22)

2022-11-04 00:00:00

Nessus Network Monitor < 6.1.1 Multiple Vulnerabilities (TNS-2022-25)

2022-11-10 00:00:00

GLSA-202211-01 : OpenSSL: Multiple Vulnerabilities

2022-11-02 00:00:00

arista

Security Advisory 0081

2022-11-01 00:00:00

cisco

Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022

2022-10-28 16:00:00

talosblog

Threat Advisory: High Severity OpenSSL Vulnerabilities

2022-11-01 19:03:49

cisa

OpenSSL Releases Security Update

2022-11-01 00:00:00

ubuntucve

CVE-2022-3786

2022-11-01 00:00:00

freebsd

OpenSSL -- Buffer overflows in Email verification

2022-11-01 00:00:00

almalinux

Important: openssl security update

2022-11-01 00:00:00

intel

Intel® Software Products Advisory for OpenSSL Vulnerabilities (CVE-2022-3786 & CVE-2022-3602) Advisory

2023-02-02 00:00:00

akamaiblog

An update on the impact of OpenSSL CVE-2022-3602 and CVE-2022-3786 on Akamai's systems

2022-11-07 10:00:00

hivepro

Patch available for pre-announced Critical Vulnerability in OpenSSL

2022-11-02 07:27:54

nvidia

Security Notice: NVIDIA Response to OpenSSL Vulnerabilities - November 2022

2022-11-01 00:00:00

mscve

OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun

2022-11-02 07:00:00

OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun

2022-11-02 07:00:00

amd

OpenSSL Vulnerabilities

2023-08-08 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0272

2022-11-02 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0272

2022-11-02 00:00:00

Critical Photon OS Security Update - PHSA-2023-5.0-0011

2023-05-24 00:00:00

kaspersky

KLA20036 Multiple vulnerabilities in Microsoft Azure

2022-11-02 00:00:00

KLA20037 Multiple vulnerabilities in Microsoft Open Source Software

2022-11-02 00:00:00

rapid7blog

CVE-2022-3786 and CVE-2022-3602: Two High-Severity Buffer Overflow Vulnerabilities in OpenSSL Fixed

2022-11-01 16:38:53

Rapid7’s Impact from OpenSSL Buffer Overflow Vulnerabilities (CVE-2022-3786 & CVE-2022-3602)

2022-11-11 13:41:22

Year in Review: Rapid7 Vulnerability Management

2023-01-09 17:00:00

fortinet

Protect

2022-10-28 00:00:00

qualysblog

Qualys Research Alert: OpenSSL 3.0.7 – What You Need To Know

2022-10-31 14:15:52

OpenSSL Vulnerability Recap

2022-11-03 17:00:00

November 2022 Patch Tuesday | Microsoft Releases 65 New Vulnerabilities with 10 Critical; Adobe Releases Zero Advisories (for the first time in six years).

2022-11-08 21:00:00

wizblog

OpenSSL vulnerabilities: Everything you need to know

2022-10-29 04:11:46

trellix

CVE-2023-0286: The OpenSSL Who Cried “Severity: High

2023-02-09 00:00:00

CVE-2023-0286: The OpenSSL Who Cried “Severity: High

2023-02-09 00:00:00

OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602

2022-11-01 00:00:00

suse

Security update for openssl-3 (critical)

2022-11-01 00:00:00

ubuntu

OpenSSL vulnerabilities

2022-11-01 00:00:00

nodejsblog

Nov 3 2022 Security Releases

2022-11-01 00:00:00

aix

Multiple vulnerabilities in OpenSSL affect AIX

2023-01-24 09:22:21

cert

OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly

2022-11-01 00:00:00

thn

OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities

2022-11-01 16:26:00

oracle

Oracle Critical Patch Update Advisory - January 2024

2024-01-16 00:00:00

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.4%

JSON

Related for PRION:CVE-2022-3786