{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-3996", "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "state": "PUBLISHED", "assignerShortName": "openssl", "requesterUserId": "b0d835d1-bcd6-467d-a017-37d7df925f4b", "dateReserved": "2022-11-15T11:47:05.740Z", "datePublished": "2022-12-13T15:43:06.821Z", "dateUpdated": "2024-08-03T01:27:54.475Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [{"lessThanOrEqual": "3.0.7", "status": "affected", "version": "3.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Polar Bear"}, {"lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Paul Dale"}], "datePublic": "2022-12-13T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "If an X.509 certificate contains a malformed policy constraint and<br>policy processing is enabled, then a write lock will be taken twice<br>recursively. On some operating systems (most widely: Windows) this<br>results in a denial of service when the affected process hangs. Policy<br>processing being enabled on a publicly facing server is not considered<br>to be a common setup.<br><br>Policy processing is enabled by passing the `-policy'<br>argument to the command line utilities or by calling the<br>`X509_VERIFY_PARAM_set1_policies()' function.<br><br>Update (31 March 2023): The description of the policy processing enablement<br>was corrected based on CVE-2023-0466."}], "value": "If an X.509 certificate contains a malformed policy constraint and\npolicy processing is enabled, then a write lock will be taken twice\nrecursively. On some operating systems (most widely: Windows) this\nresults in a denial of service when the affected process hangs. Policy\nprocessing being enabled on a publicly facing server is not considered\nto be a common setup.\n\nPolicy processing is enabled by passing the `-policy'\nargument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.\n\nUpdate (31 March 2023): The description of the policy processing enablement\nwas corrected based on CVE-2023-0466."}], "metrics": [{"format": "other", "other": {"content": {"text": "Low"}, "type": "https://www.openssl.org/policies/secpolicy.html#low"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-667", "description": "CWE-667 Improper Locking", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl", "dateUpdated": "2023-03-31T09:50:45.685Z"}, "references": [{"name": "OpenSSL Advisory", "tags": ["vendor-advisory"], "url": "https://www.openssl.org/news/secadv/20221213.txt"}, {"tags": ["patch"], "url": "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7"}], "source": {"discovery": "UNKNOWN"}, "title": "X.509 Policy Constraints Double Locking", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20230203-0003/"}, {"name": "OpenSSL Advisory", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.openssl.org/news/secadv/20221213.txt"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:27:54.475Z"}}, {"affected": [{"vendor": "openssl", "product": "openssl", "cpes": ["cpe:2.3:a:openssl:openssl:3.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.0.0", "status": "affected", "lessThan": "3.0.7", "versionType": "custom"}]}, {"vendor": "netapp", "product": "ontap_9", "cpes": ["cpe:2.3:a:netapp:ontap_9:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}, {"vendor": "netapp", "product": "fas\\/aff_baseboard_management_controller", "cpes": ["cpe:2.3:a:netapp:fas\\/aff_baseboard_management_controller:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}, {"vendor": "netapp", "product": "management_services_for_element_software", "cpes": ["cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}, {"vendor": "netapp", "product": "altavault_ost_plug-in", "cpes": ["cpe:2.3:a:netapp:altavault_ost_plug-in:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}, {"vendor": "netapp", "product": "hci_baseboard_management_controller", "cpes": ["cpe:2.3:a:netapp:hci_baseboard_management_controller:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}, {"vendor": "netapp", "product": "smi-s_provider", "cpes": ["cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T21:11:25.058550Z", "id": "CVE-2022-3996", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T21:18:41.599Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20230203-0003/"}, {"url": "https://www.openssl.org/news/secadv/20221213.txt", "name": "OpenSSL Advisory", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7", "tags": ["patch", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:27:54.475Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-3996", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-01T21:11:25.058550Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:openssl:openssl:3.0.0:*:*:*:*:*:*:*"], "vendor": "openssl", "product": "openssl", "versions": [{"status": "affected", "version": "3.0.0", "lessThan": "3.0.7", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:ontap_9:-:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "ontap_9", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:fas\\/aff_baseboard_management_controller:-:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "fas\\/aff_baseboard_management_controller", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "management_services_for_element_software", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:altavault_ost_plug-in:*:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "altavault_ost_plug-in", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:hci_baseboard_management_controller:-:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "hci_baseboard_management_controller", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "smi-s_provider", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T21:11:53.309Z"}}], "cna": {"title": "X.509 Policy Constraints Double Locking", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Polar Bear"}, {"lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Paul Dale"}], "metrics": [{"other": {"type": "https://www.openssl.org/policies/secpolicy.html#low", "content": {"text": "Low"}}, "format": "other"}], "affected": [{"vendor": "OpenSSL", "product": "OpenSSL", "versions": [{"status": "affected", "version": "3.0.0", "versionType": "semver", "lessThanOrEqual": "3.0.7"}], "defaultStatus": "unaffected"}], "datePublic": "2022-12-13T07:00:00.000Z", "references": [{"url": "https://www.openssl.org/news/secadv/20221213.txt", "name": "OpenSSL Advisory", "tags": ["vendor-advisory"]}, {"url": "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "If an X.509 certificate contains a malformed policy constraint and\npolicy processing is enabled, then a write lock will be taken twice\nrecursively. On some operating systems (most widely: Windows) this\nresults in a denial of service when the affected process hangs. Policy\nprocessing being enabled on a publicly facing server is not considered\nto be a common setup.\n\nPolicy processing is enabled by passing the `-policy'\nargument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.\n\nUpdate (31 March 2023): The description of the policy processing enablement\nwas corrected based on CVE-2023-0466.", "supportingMedia": [{"type": "text/html", "value": "If an X.509 certificate contains a malformed policy constraint and<br>policy processing is enabled, then a write lock will be taken twice<br>recursively. On some operating systems (most widely: Windows) this<br>results in a denial of service when the affected process hangs. Policy<br>processing being enabled on a publicly facing server is not considered<br>to be a common setup.<br><br>Policy processing is enabled by passing the `-policy'<br>argument to the command line utilities or by calling the<br>`X509_VERIFY_PARAM_set1_policies()' function.<br><br>Update (31 March 2023): The description of the policy processing enablement<br>was corrected based on CVE-2023-0466.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-667", "description": "CWE-667 Improper Locking"}]}], "providerMetadata": {"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl", "dateUpdated": "2023-03-31T09:50:45.685Z"}}}, "cveMetadata": {"cveId": "CVE-2022-3996", "state": "PUBLISHED", "dateUpdated": "2024-08-03T01:27:54.475Z", "dateReserved": "2022-11-15T11:47:05.740Z", "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "datePublished": "2022-12-13T15:43:06.821Z", "requesterUserId": "b0d835d1-bcd6-467d-a017-37d7df925f4b", "assignerShortName": "openssl"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "26EF8A48-B8E5-4D4D-8054-445D65171EAC", "versionEndIncluding": "3.0.7", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "If an X.509 certificate contains a malformed policy constraint and\npolicy processing is enabled, then a write lock will be taken twice\nrecursively. On some operating systems (most widely: Windows) this\nresults in a denial of service when the affected process hangs. Policy\nprocessing being enabled on a publicly facing server is not considered\nto be a common setup.\n\nPolicy processing is enabled by passing the `-policy'\nargument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.\n\nUpdate (31 March 2023): The description of the policy processing enablement\nwas corrected based on CVE-2023-0466."}, {"lang": "es", "value": "Si un certificado X.509 contiene una restricci\u00f3n de pol\u00edtica con formato incorrecto y el procesamiento de pol\u00edticas est\u00e1 habilitado, se aplicar\u00e1 un bloqueo de escritura dos veces de forma recursiva. En algunos sistemas operativos (m\u00e1s ampliamente: Windows), esto resulta en una Denegaci\u00f3n de Servicio (DoS) cuando el proceso afectado se bloquea. La habilitaci\u00f3n del procesamiento de pol\u00edticas en un servidor p\u00fablico no se considera una configuraci\u00f3n com\u00fan. El procesamiento de pol\u00edticas se habilita pasando el argumento `-policy' a las utilidades de l\u00ednea de comando o llamando a la funci\u00f3n `X509_VERIFY_PARAM_set1_policies()'. Actualizaci\u00f3n (31 de marzo de 2023): la descripci\u00f3n de la habilitaci\u00f3n del procesamiento de pol\u00edticas se corrigi\u00f3 seg\u00fan CVE-2023-0466."}], "id": "CVE-2022-3996", "lastModified": "2024-08-01T22:35:04.627", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-12-13T16:15:22.007", "references": [{"source": "openssl-security@openssl.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7"}, {"source": "openssl-security@openssl.org", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv/20221213.txt"}], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-667"}], "source": "openssl-security@openssl.org", "type": "Secondary"}]}

{"bugzilla": {"description": "openssl: double locking leads to denial of service", "id": "2153239", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153239"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-609", "details": ["If an X.509 certificate contains a malformed policy constraint and\npolicy processing is enabled, then a write lock will be taken twice\nrecursively. On some operating systems (most widely: Windows) this\nresults in a denial of service when the affected process hangs. Policy\nprocessing being enabled on a publicly facing server is not considered\nto be a common setup.\nPolicy processing is enabled by passing the `-policy'\nargument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.\nUpdate (31 March 2023): The description of the policy processing enablement\nwas corrected based on CVE-2023-0466.", "A vulnerability was found in OpenSSL. This security flaw occurs if an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows), this issue results in a denial of service when the affected process hangs. Policy processing enabled on a publicly-facing server is not considered a standard setup. Policy processing is enabled by passing the `-policy' argument to the command line utilities or by calling either the` X509_VERIFY_PARAM_add0_policy()' or `X509_VERIFY_PARAM_set1_policies()' functions."], "name": "CVE-2022-3996", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "ovmf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "compat-openssl10", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "compat-openssl11", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Core Services"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Web Server 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Web Server 5"}], "public_date": "2022-12-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-3996\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3996"], "statement": "This CVE is marked as Not Affected for all Red Hat Products because the problem caused by this CVE (deadlock, potential DDoS) is platform-specific. Thread management implementation works well for Linux but causes deadlocks on Windows systems only.", "threat_severity": "Low"}