Lucene search
RustsecRUSTSEC-2022-0027HistoryMay 03, 2022 - 12:00 p.m.
`OCSP_basic_verify` may incorrectly verify the response signing certificate
2022-05-0312:00:00
rustsec.org
11
0.002 Low
EPSS
Percentile
51.7%
The function OCSP_basic_verify verifies the signer certificate on an OCSP
response. In the case where the (non-default) flag OCSP_NOCHECKS is used then
the response will be positive (meaning a successful verification) even in the
case where the response signing certificate fails to verify.
It is anticipated that most users of OCSP_basic_verify will not use the
OCSP_NOCHECKS flag. In this case the OCSP_basic_verify function will return
a negative value (indicating a fatal error) in the case of a certificate
verification failure. The normal expected return value in this case would be 0.
| CPE | Name | Operator | Version |
|---|---|---|---|
| openssl-src | ge | 300.0.0 | |
| openssl-src | lt | 300.0.6 |
Related
redhatcve
redhatcve
CVE-2022-1343
2022-05-18 22:42:51
osv
osv
`OCSP_basic_verify` may incorrectly verify the response signing certificate
2022-05-03 12:00:00
CVE-2022-1343
2022-05-03 16:15:18
`OCSP_basic_verify` may incorrectly verify the response signing certificate
2022-05-04 00:00:23
nvd
nvd
CVE-2022-1343
2022-05-03 16:15:18
ubuntucve
ubuntucve
CVE-2022-1343
2022-05-03 00:00:00
cve
cve
CVE-2022-1343
2022-05-03 16:15:18
veracode
veracode
Insecure Certificate Validation
2022-05-12 21:28:54
debiancve
debiancve
CVE-2022-1343
2022-05-03 16:15:18
openssl
openssl
Vulnerability in OpenSSL CVE-2022-1343
2022-05-03 00:00:00
f5
f5
K68013105 : OpenSSL vulnerability CVE-2022-1343
2022-05-27 00:00:00
alpinelinux
alpinelinux
CVE-2022-1343
2022-05-03 16:15:18
prion
prion
Design/Logic Flaw
2022-05-03 16:15:00
cvelist
cvelist
github
github
`OCSP_basic_verify` may incorrectly verify the response signing certificate
2022-05-04 00:00:23
ibm
ibm
nessus
nessus
FreeBSD : OpenSSL -- Multiple vulnerabilities (fceb2b08-cb76-11ec-a06f-d4c9ef517024)
2022-05-04 00:00:00
Amazon Linux 2022 : openssl (ALAS2022-2022-104)
2022-09-07 00:00:00
ics
ics
Siemens Brownfield Connectivity Client
2023-02-16 12:00:00
βSiemens SINAMICS Medium Voltage Products
2023-06-15 12:00:00
Siemens SCALANCE, RUGGEDCOM Third-Party
2023-03-16 12:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2022-05-04 00:00:00
openvas
openvas
OpenSSL: Multiple Vulnerabilities (May 2022) - Linux
2022-05-04 00:00:00
Ubuntu: Security Advisory (USN-5402-1)
2022-05-05 00:00:00
OpenSSL: Multiple Vulnerabilities (May 2022) - Windows
2022-05-04 00:00:00
cloudfoundry
cloudfoundry
USN-5402-1: OpenSSL vulnerabilities | Cloud Foundry
2022-07-29 00:00:00
nodejsblog
nodejsblog
OpenSSL update assessment, and Node.js project plans
2022-05-05 00:00:00
redos
redos
ROS-20220524-01
2022-05-24 00:00:00
freebsd
freebsd
OpenSSL -- Multiple vulnerabilities
2022-05-03 00:00:00
redhat
redhat
(RHSA-2022:6224) Moderate: openssl security and bug fix update
2022-08-30 15:46:32
oraclelinux
oraclelinux
openssl security update
2022-08-31 00:00:00
openssl security and bug fix update
2022-08-30 00:00:00
almalinux
almalinux
Moderate: openssl security and bug fix update
2022-08-30 00:00:00
suse
suse
Security update for openssl-3 (important)
2022-07-06 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-0185
2022-05-18 00:00:00
Critical Photon OS Security Update - PHSA-2022-4.0-0185
2022-05-18 00:00:00