OpenSSL is a powerful, commercial-grade, full-featured open source toolkit for the Transport Layer Security (TLS) protocol, which is implemented based on the Full Strength Common Cryptographic Library for protecting communications on computer networks from eavesdropping and is widely used by Internet servers. openSSL suffers from a denial-of-service vulnerability that could be exploited by an attacker to craft a certificate containing a malicious email address to overflow containing “.” to cause a service crash.

CPENameOperatorVersion
OpenSSL OpenSSL 3.*，lt3.0.7

CPE	Name	Operator	Version
	OpenSSL OpenSSL 3.*，	lt	3.0.7

veracode 1

alpinelinux 1

githubexploit 1

openssl 1

osv 7

debiancve 1

wolfi 1

checkpoint_advisories 2

github 1

redhatcve 1

rustsec 1

cve 1

prion 1

cgr 1

msrc 4

oraclelinux 3

gentoo 1

ics 4

redhat 3

ibm 12

rocky 1

f5 1

openvas 11

nessus 22

fedora 2

rapid7blog 4

fortinet 1

intel 1

hivepro 1

kaspersky 2

mscve 2

nvidia 1

photon 3

akamaiblog 1

amd 1

qualysblog 3

wizblog 1

talosblog 1

cisa 1

almalinux 1

freebsd 1

arista 1

cisco 1

ubuntucve 1

trellix 6

suse 1

nodejsblog 1

aix 1

ubuntu 1

cert 1

thn 1

oracle 4

veracode

Buffer Overflow

2022-11-01 19:44:02

alpinelinux

CVE-2022-3786

2022-11-01 18:15:00

githubexploit

Exploit for Classic Buffer Overflow in Openssl

2022-12-13 16:43:01

openssl

Vulnerability in OpenSSL CVE-2022-3786

2022-11-01 00:00:00

osv

BIT-node-2022-3786

2024-03-06 11:02:40

CVE-2022-3786

2022-11-01 18:15:11

X.509 Email Address Variable Length Buffer Overflow

2022-11-01 12:00:00

debiancve

CVE-2022-3786

2022-11-01 18:15:00

wolfi

CVE-2022-3786 vulnerabilities

2024-04-26 09:06:29

checkpoint_advisories

OpenSSL Buffer Overflow (CVE-2022-3786)

2022-11-03 00:00:00

OpenSSL Buffer Overflow (CVE-2022-3602; CVE-2022-3786)

2022-11-03 00:00:00

github

X.509 Email Address Variable Length Buffer Overflow

2022-11-01 17:45:21

redhatcve

CVE-2022-3786

2022-11-01 16:26:08

rustsec

X.509 Email Address Variable Length Buffer Overflow

2022-11-01 12:00:00

cve

CVE-2022-3786

2022-11-01 18:15:00

prion

Stack overflow

2022-11-01 18:15:00

cgr

CVE-2022-3786 vulnerabilities

2024-04-26 03:19:48

msrc

OpenSSL 3.0 ~ 3.0.6 のリスク (CVE-2022-3786 および CVE-2202-3602) に関する認識とガイダンス

2022-11-03 07:00:00

Awareness and guidance related to OpenSSL 3.0 – 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)

2022-11-03 00:46:06

Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)

2022-11-02 07:00:00

oraclelinux

openssl security update

2022-11-01 00:00:00

openssl security update

2022-11-01 00:00:00

openssl security update

2022-11-17 00:00:00

gentoo

OpenSSL: Multiple Vulnerabilities

2022-11-01 00:00:00

ics

Hitachi Energy PCU400

2023-01-19 12:00:00

Siemens Products affected by OpenSSL 3.0

2022-12-15 12:00:00

Hitachi Energy Lumada Asset Performance Management

2023-01-05 12:00:00

redhat

(RHSA-2022:7288) Important: openssl security update

2022-11-01 18:25:07

(RHSA-2022:7384) Important: openssl-container security update

2022-11-02 18:29:10

(RHSA-2023:0786) Important: Network observability 1.1.0 security update

2023-02-15 11:39:53

ibm

Security Bulletin: IBM Observability with Instana (OnPrem) affected by OpenSSL vulnerabilities.

2023-03-07 09:44:53

Security Bulletin: IBM MQ Advanced Message Security on IBM i platforms is affected by a buffer overflow issue in OpenSSL (CVE-2022-3602, CVE-2022-3786)

2022-11-04 12:45:04

Security Bulletin: OpenSSL vulnerabilities might impact IBM Cloud Application Business Insights - CVE-2022-3602 & CVE-2022-3786

2022-12-30 15:09:22

rocky

openssl security update

2022-11-01 18:25:07

OpenSSL vulnerabilities CVE-2022-3786 and CVE-2022-3602

2022-10-28 17:31:00

openvas

Fedora: Security Advisory for openssl (FEDORA-2022-0f1d2e0537)

2022-11-03 00:00:00

OpenSSL: Multiple Vulnerabilities (Nov 2022) - Windows

2022-10-28 00:00:00

OpenSSL: Multiple Vulnerabilities (Nov 2022) - Linux

2022-10-28 00:00:00

nessus

Fedora 36 : 1:openssl (2022-502f096dce)

2022-11-01 00:00:00

Oracle Linux 9 : openssl (ELSA-2022-7288)

2022-11-02 00:00:00

GLSA-202211-01 : OpenSSL: Multiple Vulnerabilities

2022-11-02 00:00:00

fedora

[SECURITY] Fedora 37 Update: openssl-3.0.5-3.fc37

2022-11-02 02:01:31

[SECURITY] Fedora 36 Update: openssl-3.0.5-2.fc36

2022-11-02 01:50:12

rapid7blog

CVE-2022-3786 and CVE-2022-3602: Two High-Severity Buffer Overflow Vulnerabilities in OpenSSL Fixed

2022-11-01 16:38:53

Rapid7’s Impact from OpenSSL Buffer Overflow Vulnerabilities (CVE-2022-3786 & CVE-2022-3602)

2022-11-11 13:41:22

Year in Review: Rapid7 Vulnerability Management

2023-01-09 17:00:00

fortinet

Protect

2022-10-28 00:00:00

intel

Intel® Software Products Advisory for OpenSSL Vulnerabilities (CVE-2022-3786 & CVE-2022-3602) Advisory

2023-02-02 00:00:00

hivepro

Patch available for pre-announced Critical Vulnerability in OpenSSL

2022-11-02 07:27:54

kaspersky

KLA20036 Multiple vulnerabilities in Microsoft Azure

2022-11-02 00:00:00

KLA20037 Multiple vulnerabilities in Microsoft Open Source Software

2022-11-02 00:00:00

mscve

OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun

2022-11-02 07:00:00

OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun

2022-11-02 07:00:00

nvidia

Security Notice: NVIDIA Response to OpenSSL Vulnerabilities - November 2022

2022-11-01 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0272

2022-11-02 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0272

2022-11-02 00:00:00

Critical Photon OS Security Update - PHSA-2023-5.0-0011

2023-05-24 00:00:00

akamaiblog

An update on the impact of OpenSSL CVE-2022-3602 and CVE-2022-3786 on Akamai's systems

2022-11-07 10:00:00

amd

OpenSSL Vulnerabilities

2023-08-08 00:00:00

qualysblog

Qualys Research Alert: OpenSSL 3.0.7 – What You Need To Know

2022-10-31 14:15:52

OpenSSL Vulnerability Recap

2022-11-03 17:00:00

November 2022 Patch Tuesday | Microsoft Releases 65 New Vulnerabilities with 10 Critical; Adobe Releases Zero Advisories (for the first time in six years).

2022-11-08 21:00:00

wizblog

OpenSSL vulnerabilities: Everything you need to know

2022-10-29 04:11:46

talosblog

Threat Advisory: High Severity OpenSSL Vulnerabilities

2022-11-01 19:03:49

cisa

OpenSSL Releases Security Update

2022-11-01 00:00:00

almalinux

Important: openssl security update

2022-11-01 00:00:00

freebsd

OpenSSL -- Buffer overflows in Email verification

2022-11-01 00:00:00

arista

Security Advisory 0081

2022-11-01 00:00:00

cisco

Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022

2022-10-28 16:00:00

ubuntucve

CVE-2022-3786

2022-11-01 00:00:00

trellix

CVE-2023-0286: The OpenSSL Who Cried “Severity: High

2023-02-09 00:00:00

CVE-2023-0286: The OpenSSL Who Cried “Severity: High

2023-02-09 00:00:00

OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602

2022-11-01 00:00:00

suse

Security update for openssl-3 (critical)

2022-11-01 00:00:00

nodejsblog

Nov 3 2022 Security Releases

2022-11-01 00:00:00

aix

Multiple vulnerabilities in OpenSSL affect AIX

2023-01-24 09:22:21

ubuntu

OpenSSL vulnerabilities

2022-11-01 00:00:00

cert

OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly

2022-11-01 00:00:00

thn

OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities

2022-11-01 16:26:00

oracle

Oracle Critical Patch Update Advisory - January 2024

2024-01-16 00:00:00

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

JSON

Related for CNVD-2022-73349