CVE-2022-3786 - Vulnerability Details

Vendors	Products
Fedoraproject	Fedora
Nodejs	Node.js
Openssl	Openssl
Redhat	Enterprise Linux

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
openssl-1:3.0.1-43.el9_0	cpe:/a:redhat:enterprise_linux:9	RHSA-2022:7288	2022-11-01T00:00:00Z
rhel9/openssl:9.0-25	cpe:/a:redhat:enterprise_linux:9	RHSA-2022:7384	2022-11-02T00:00:00Z
ubi9/openssl:9.0-25	cpe:/a:redhat:enterprise_linux:9	RHSA-2022:7384	2022-11-02T00:00:00Z
openssl-1:3.0.1-43.el9_0	cpe:/o:redhat:enterprise_linux:9	RHSA-2022:7288	2022-11-01T00:00:00Z

Link	Providers
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a
https://nvd.nist.gov/vuln/detail/CVE-2022-3786
https://www.cve.org/CVERecord?id=CVE-2022-3786
https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
https://www.openssl.org/news/secadv/20221101.txt

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3786", "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "datePublished": "2022-11-01T00:00:00", "dateUpdated": "2024-08-03T01:20:58.788Z", "dateReserved": "2022-11-01T00:00:00"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [{"lessThan": "3.0.7", "status": "affected", "version": "3.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Viktor Dukhovni"}], "datePublic": "2022-11-01T00:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.</p>"}], "value": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.\n\n"}], "metrics": [{"format": "other", "other": {"content": {"text": "HIGH"}, "type": "https://www.openssl.org/policies/secpolicy.html#high"}}], "problemTypes": [{"descriptions": [{"description": "Buffer overflow", "lang": "en"}]}], "providerMetadata": {"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl", "dateUpdated": "2022-11-04T07:28:32.835Z"}, "references": [{"name": "OpenSSL Advisory", "tags": ["vendor-advisory"], "url": "https://www.openssl.org/news/secadv/20221101.txt"}, {"name": "3.0.7 git commit", "tags": ["patch"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a"}], "source": {"discovery": "UNKNOWN"}, "title": "X.509 Email Address Variable Length Buffer Overflow", "x_generator": {"engine": "Vulnogram 0.1.0-dev", "importer": "vulnxml2json5.py 2022-11-04 07:19:07.034873"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:20:58.788Z"}, "title": "CVE Program Container", "references": [{"name": "OpenSSL Advisory", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.openssl.org/news/secadv/20221101.txt"}, {"name": "3.0.7 git commit", "tags": ["patch", "x_transferred"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a"}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2022-3786 (string)

assignerOrgId : 3a12439a-ef3a-4c79-92e6-6081a721f1e5 (string)

assignerShortName : openssl (string)

datePublished : 2022-11-01T00:00:00 (string)

dateUpdated : 2024-08-03T01:20:58.788Z (string)

dateReserved : 2022-11-01T00:00:00 (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : unaffected (string)

product : OpenSSL (string)

vendor : OpenSSL (string)

versions : [ »

0 : { »

lessThan : 3.0.7 (string)

status : affected (string)

version : 3.0.0 (string)

versionType : semver (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

type : finder (string)

user : 00000000-0000-4000-9000-000000000000 (string)

value : Viktor Dukhovni (string)

}

]

datePublic : 2022-11-01T00:00:00.000Z (string)

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : <p>A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.</p> (string)

}

]

value : A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. (string)

}

]

metrics : [ »

0 : { »

format : other (string)

other : { »

content : { »

text : HIGH (string)

}

type : https://www.openssl.org/policies/secpolicy.html#high (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Buffer overflow (string)

lang : en (string)

}

]

}

]

providerMetadata : { »

orgId : 3a12439a-ef3a-4c79-92e6-6081a721f1e5 (string)

shortName : openssl (string)

dateUpdated : 2022-11-04T07:28:32.835Z (string)

}

references : [ »

0 : { »

name : OpenSSL Advisory (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://www.openssl.org/news/secadv/20221101.txt (string)

}

1 : { »

name : 3.0.7 git commit (string)

tags : [ »

0 : patch (string)

]

url : https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

title : X.509 Email Address Variable Length Buffer Overflow (string)

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

importer : vulnxml2json5.py 2022-11-04 07:19:07.034873 (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T01:20:58.788Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : OpenSSL Advisory (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://www.openssl.org/news/secadv/20221101.txt (string)

}

1 : { »

name : 3.0.7 git commit (string)

tags : [ »

0 : patch (string)

1 : x_transferred (string)

]

url : https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a (string)

}

]

}

]

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE1F59CA-02F2-4374-A129-18713496B58B", "versionEndExcluding": "3.0.7", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "CAC42CA8-8B01-4A19-A83C-A7D4D08E5E43", "versionEndExcluding": "18.11.0", "versionStartIncluding": "18.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:18.12.0:*:*:*:lts:*:*:*", "matchCriteriaId": "7B1F87EE-4E30-4832-BF01-8501E94380EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:19.0.0:*:*:*:-:*:*:*", "matchCriteriaId": "F568BBC5-0D8E-499C-9F3E-DDCE5F10F9D5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.\n\n"}, {"lang": "es", "value": "Puede activarse una saturaci\u00f3n del b\u00fafer en la verificaci\u00f3n del certificado X.509, espec\u00edficamente en la verificaci\u00f3n de restricciones del nombre. Tenga en cuenta que esto ocurre despu\u00e9s de la verificaci\u00f3n de la firma de la cadena de certificados y requiere que una CA haya firmado un certificado malicioso o que la aplicaci\u00f3n contin\u00fae con la verificaci\u00f3n del certificado a pesar de no poder construir una ruta hacia un emisor confiable. Un atacante puede crear una direcci\u00f3n de correo electr\u00f3nico maliciosa en un certificado para desbordar una cantidad arbitraria de bytes que contengan el car\u00e1cter \".\" (decimal 46) en la pila de memoria. Este desbordamiento del b\u00fafer podr\u00eda provocar un bloqueo (provocando una denegaci\u00f3n de servicio). En un cliente TLS, esto se puede desencadenar conect\u00e1ndose a un servidor malicioso. En un servidor TLS, esto puede activarse si el servidor solicita la autenticaci\u00f3n del cliente y se conecta un cliente malicioso."}], "id": "CVE-2022-3786", "lastModified": "2024-11-21T07:20:14.297", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-01T18:15:11.047", "references": [{"source": "openssl-security@openssl.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a"}, {"source": "openssl-security@openssl.org", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv/20221101.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv/20221101.txt"}], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* (string)

matchCriteriaId : BE1F59CA-02F2-4374-A129-18713496B58B (string)

versionEndExcluding : 3.0.7 (string)

versionStartIncluding : 3.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* (string)

matchCriteriaId : 5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* (string)

matchCriteriaId : E30D0E6F-4AE8-4284-8716-991DFA48CC5D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* (string)

matchCriteriaId : CAC42CA8-8B01-4A19-A83C-A7D4D08E5E43 (string)

versionEndExcluding : 18.11.0 (string)

versionStartIncluding : 18.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:nodejs:node.js:18.12.0:*:*:*:lts:*:*:* (string)

matchCriteriaId : 7B1F87EE-4E30-4832-BF01-8501E94380EE (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:nodejs:node.js:19.0.0:*:*:*:-:*:*:* (string)

matchCriteriaId : F568BBC5-0D8E-499C-9F3E-DDCE5F10F9D5 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. (string)

}

1 : { »

lang : es (string)

value : Puede activarse una saturación del búfer en la verificación del certificado X.509, específicamente en la verificación de restricciones del nombre. Tenga en cuenta que esto ocurre después de la verificación de la firma de la cadena de certificados y requiere que una CA haya firmado un certificado malicioso o que la aplicación continúe con la verificación del certificado a pesar de no poder construir una ruta hacia un emisor confiable. Un atacante puede crear una dirección de correo electrónico maliciosa en un certificado para desbordar una cantidad arbitraria de bytes que contengan el carácter "." (decimal 46) en la pila de memoria. Este desbordamiento del búfer podría provocar un bloqueo (provocando una denegación de servicio). En un cliente TLS, esto se puede desencadenar conectándose a un servidor malicioso. En un servidor TLS, esto puede activarse si el servidor solicita la autenticación del cliente y se conecta un cliente malicioso. (string)

}

]

id : CVE-2022-3786 (string)

lastModified : 2024-11-21T07:20:14.297 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-11-01T18:15:11.047 (string)

references : [ »

0 : { »

source : openssl-security@openssl.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a (string)

}

1 : { »

source : openssl-security@openssl.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.openssl.org/news/secadv/20221101.txt (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.openssl.org/news/secadv/20221101.txt (string)

}

]

sourceIdentifier : openssl-security@openssl.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-120 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Upstream acknowledges OpenSSL project (Polar Bear) as the original reporter.", "affected_release": [{"advisory": "RHSA-2022:7288", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "openssl-1:3.0.1-43.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-01T00:00:00Z"}, {"advisory": "RHSA-2022:7384", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "rhel9/openssl:9.0-25", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-02T00:00:00Z"}, {"advisory": "RHSA-2022:7384", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "ubi9/openssl:9.0-25", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-02T00:00:00Z"}, {"advisory": "RHSA-2022:7288", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "openssl-1:3.0.1-43.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-01T00:00:00Z"}], "bugzilla": {"description": "OpenSSL: X.509 Email Address Variable Length Buffer Overflow", "id": "2139104", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139104"}, "csaw": true, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-119->CWE-121->CWE-193", "details": ["A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.", "A stack-based buffer overflow was found in the way OpenSSL processes X.509 certificates with a specially crafted email address field. This issue could cause a server or a client application compiled with OpenSSL to crash or possibly execute remote code when trying to process the malicious certificate."], "name": "CVE-2022-3786", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Under investigation", "package_name": "openshift-logging/fluentd-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/management-ingress-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "ovmf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "compat-openssl10", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "compat-openssl11", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Not affected", "package_name": "jbcs-httpd24-openssl", "product_name": "Red Hat JBoss Core Services"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Core Services"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Web Server 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Web Server 5"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "redhat-virtualization-host", "product_name": "Red Hat Virtualization 4"}], "public_date": "2022-11-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-3786\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3786\nhttps://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/\nhttps://www.openssl.org/news/secadv/20221101.txt"], "statement": "As per upstream, the most common situation where this can be triggered is when a server requests client authentication after a malicious client connects. A client connecting to a malicious server is also believed to be vulnerable in the same manner. Only OpenSSL versions 3.0.0 to 3.0.6 are vulnerable to this attack.", "threat_severity": "Important"}

{

acknowledgement : Upstream acknowledges OpenSSL project (Polar Bear) as the original reporter. (string)

affected_release : [ »

0 : { »

advisory : RHSA-2022:7288 (string)

cpe : cpe:/a:redhat:enterprise_linux:9 (string)

package : openssl-1:3.0.1-43.el9_0 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2022-11-01T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2022:7384 (string)

cpe : cpe:/a:redhat:enterprise_linux:9 (string)

package : rhel9/openssl:9.0-25 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2022-11-02T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2022:7384 (string)

cpe : cpe:/a:redhat:enterprise_linux:9 (string)

package : ubi9/openssl:9.0-25 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2022-11-02T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2022:7288 (string)

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

package : openssl-1:3.0.1-43.el9_0 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2022-11-01T00:00:00Z (string)

}

]

bugzilla : { »

description : OpenSSL: X.509 Email Address Variable Length Buffer Overflow (string)

id : 2139104 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2139104 (string)

}

csaw : true (boolean)

cvss3 : { »

cvss3_base_score : 7.5 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

status : verified (string)

}

cwe : CWE-119->CWE-121->CWE-193 (string)

details : [ »

0 : A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. (string)

1 : A stack-based buffer overflow was found in the way OpenSSL processes X.509 certificates with a specially crafted email address field. This issue could cause a server or a client application compiled with OpenSSL to crash or possibly execute remote code when trying to process the malicious certificate. (string)

]

name : CVE-2022-3786 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:logging:5 (string)

fix_state : Under investigation (string)

package_name : openshift-logging/fluentd-rhel8 (string)

product_name : Logging Subsystem for Red Hat OpenShift (string)

}

1 : { »

cpe : cpe:/a:redhat:acm:2 (string)