Lucene search
Alpine Linux Development TeamALPINE:CVE-2022-3996HistoryDec 13, 2022 - 4:15 p.m.
CVE-2022-3996
2022-12-1316:15:00
Alpine Linux Development Team
security.alpinelinux.org
27
If an X.509 certificate contains a malformed policy constraint and
policy processing is enabled, then a write lock will be taken twice
recursively. On some operating systems (most widely: Windows) this
results in a denial of service when the affected process hangs. Policy
processing being enabled on a publicly facing server is not considered
to be a common setup.
Policy processing is enabled by passing the -policy' argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()’ function.
Update (31 March 2023): The description of the policy processing enablement
was corrected based on CVE-2023-0466.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-main | noarch | openssl | < 3.0.7-r2 | UNKNOWN |
| Alpine | 3.15-main | noarch | openssl3 | < 3.0.8-r0 | UNKNOWN |
| Alpine | 3.16-main | noarch | openssl3 | < 3.0.8-r0 | UNKNOWN |
| Alpine | 3.17-main | noarch | openssl | < 3.0.7-r2 | UNKNOWN |
| Alpine | 3.18-main | noarch | openssl | < 3.0.7-r2 | UNKNOWN |
| Alpine | 3.19-main | noarch | openssl | < 3.0.7-r2 | UNKNOWN |
| Alpine | 3.20-main | noarch | openssl | < 3.0.7-r2 | UNKNOWN |
Related
cvelist
cvelist
CVE-2022-3996 X.509 Policy Constraints Double Locking
2022-12-13 15:43:06
CVE-2023-0466 Certificate policy check not enabled
2023-03-28 14:30:49
ubuntucve
ubuntucve
CVE-2022-3996
2022-12-13 00:00:00
CVE-2023-0466
2023-03-28 00:00:00
prion
prion
Design/Logic Flaw
2022-12-13 16:15:00
Design/Logic Flaw
2023-03-28 15:15:00
cve
cve
CVE-2022-3996
2022-12-13 16:15:00
CVE-2023-0466
2023-03-28 15:15:06
debiancve
debiancve
CVE-2022-3996
2022-12-13 16:15:00
CVE-2023-0466
2023-03-28 15:15:06
osv
osv
CVE-2022-3996
2022-12-13 16:15:22
openssl-src subject to DoS by double-checked locking
2022-12-13 18:30:33
CVE-2023-0466
2023-03-28 15:15:06
cloudlinux
cloudlinux
openssl: Fix of 3 CVEs
2023-05-04 21:42:17
cloudfoundry
cloudfoundry
USN-6039-1: OpenSSL vulnerabilities | Cloud Foundry
2023-06-30 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6039-1)
2023-04-26 00:00:00
github
github
openssl-src subject to DoS by double-checked locking
2022-12-13 18:30:33
openssl
openssl
Vulnerability in OpenSSL CVE-2022-3996
2022-12-13 00:00:00
Vulnerability in OpenSSL CVE-2023-0466
2023-03-21 00:00:00
nessus
nessus
Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-095)
2023-03-21 00:00:00
EulerOS 2.0 SP9 : openssl (EulerOS-SA-2023-2337)
2023-07-09 00:00:00
EulerOS Virtualization 2.9.0 : openssl (EulerOS-SA-2023-2528)
2023-07-31 00:00:00
cgr
cgr
CVE-2022-3996 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Improper Locking
2023-01-06 08:19:51
Authorization Bypass
2023-04-02 10:15:03
wolfi
wolfi
CVE-2022-3996 vulnerabilities
2024-06-02 22:01:16
nodejsblog
nodejsblog
OpenSSL 3.0.7 update assessment
2022-12-16 00:00:00
redhatcve
redhatcve
CVE-2022-3996
2022-12-14 11:04:49
CVE-2023-0466
2023-03-30 09:13:38
photon
photon
Important Photon OS Security Update - PHSA-2023-0308
2023-01-05 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0308
2023-01-05 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0415
2023-06-22 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-0466 affecting package openssl 1.1.1k-13
2023-04-20 19:17:28
CVE-2023-0466 affecting package openssl for versions less than 1.1.1k-23
2023-05-03 16:09:09
alpinelinux
alpinelinux
CVE-2023-0466
2023-03-28 15:15:06
ibm
ibm
f5
f5
K000134574 : OpenSSL vulnerabilities CVE-2023-0465 and CVE-2023-0466
2023-05-11 00:00:00
freebsd
freebsd
OpenSSL -- Multiple vulnerabilities
2023-03-28 00:00:00
Python -- multiple vulnerabilities
2022-06-08 00:00:00
amazon
amazon
Medium: openssl11
2023-05-11 17:49:00
Medium: openssl
2023-06-05 16:39:00
Medium: openssl
2023-06-05 16:39:00
oraclelinux
oraclelinux
openssl security and bug fix update
2023-06-22 00:00:00
openssl security update
2023-08-31 00:00:00
redhat
redhat
fedora
fedora
[SECURITY] Fedora 38 Update: openssl-3.0.9-1.fc38
2023-06-03 02:46:16
[SECURITY] Fedora 37 Update: openssl-3.0.9-1.fc37
2023-06-04 01:24:09
almalinux
almalinux
Moderate: openssl security and bug fix update
2023-06-21 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2366
2024-03-05 08:46:27
aix
aix
Multiple vulnerabilities in OpenSSL affect AIX
2023-09-11 10:43:54
Multiple vulnerabilities in OpenSSL affect AIX
2023-03-21 13:26:15
thn
thn
OpenSSL Fixes Multiple New Security Flaws with Latest Update
2023-02-09 09:51:00
mageia
mageia
Updated openssl packages fix security vulnerability
2023-04-11 22:02:20
gentoo
gentoo
OpenSSL: Multiple Vulnerabilities
2024-02-04 00:00:00
ics
ics
Siemens Telecontrol Server Basic
2024-04-11 12:00:00
Siemens SIMATIC S7-1500 TM MFP Linux Kernel
2023-06-15 12:00:00
hp
hp
HP Device Manager Security Updates
2023-10-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47