Lucene search
OpensslCVELIST:CVE-2022-3786HistoryNov 01, 2022 - 12:00 a.m.
CVE-2022-3786 X.509 Email Address Variable Length Buffer Overflow
2022-11-0100:00:00
openssl
raw.githubusercontent.com
4
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.’ character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.
Related
veracode
veracode
Buffer Overflow
2022-11-01 19:44:02
alpinelinux
alpinelinux
CVE-2022-3786
2022-11-01 18:15:00
openssl
openssl
Vulnerability in OpenSSL CVE-2022-3786
2022-11-01 00:00:00
githubexploit
githubexploit
Exploit for Classic Buffer Overflow in Openssl
2022-12-13 16:43:01
cnvd
cnvd
OpenSSL Denial of Service Vulnerability (CNVD-2022-73349)
2022-11-03 00:00:00
osv
osv
BIT-node-2022-3786
2024-03-06 11:02:40
CVE-2022-3786
2022-11-01 18:15:11
X.509 Email Address Variable Length Buffer Overflow
2022-11-01 12:00:00
debiancve
debiancve
CVE-2022-3786
2022-11-01 18:15:00
wolfi
wolfi
CVE-2022-3786 vulnerabilities
2024-06-01 21:07:39
checkpoint_advisories
checkpoint_advisories
OpenSSL Buffer Overflow (CVE-2022-3786)
2022-11-03 00:00:00
OpenSSL Buffer Overflow (CVE-2022-3602; CVE-2022-3786)
2022-11-03 00:00:00
github
github
X.509 Email Address Variable Length Buffer Overflow
2022-11-01 17:45:21
redhatcve
redhatcve
CVE-2022-3786
2022-11-01 16:26:08
cgr
cgr
CVE-2022-3786 vulnerabilities
2024-05-19 03:07:16
rustsec
rustsec
X.509 Email Address Variable Length Buffer Overflow
2022-11-01 12:00:00
cve
cve
CVE-2022-3786
2022-11-01 18:15:00
prion
prion
Stack overflow
2022-11-01 18:15:00
msrc
msrc
ibm
ibm
gentoo
gentoo
OpenSSL: Multiple Vulnerabilities
2022-11-01 00:00:00
Node.js: Multiple Vulnerabilities
2024-05-08 00:00:00
openvas
openvas
Fedora: Security Advisory for openssl (FEDORA-2022-0f1d2e0537)
2022-11-03 00:00:00
OpenSSL: Multiple Vulnerabilities (Nov 2022) - Windows
2022-10-28 00:00:00
OpenSSL: Multiple Vulnerabilities (Nov 2022) - Linux
2022-10-28 00:00:00
rocky
rocky
openssl security update
2022-11-01 18:25:07
redhat
redhat
(RHSA-2022:7288) Important: openssl security update
2022-11-01 18:25:07
(RHSA-2022:7384) Important: openssl-container security update
2022-11-02 18:29:10
(RHSA-2023:0786) Important: Network observability 1.1.0 security update
2023-02-15 11:39:53
f5
f5
OpenSSL vulnerabilities CVE-2022-3786 and CVE-2022-3602
2022-10-28 17:31:00
oraclelinux
oraclelinux
openssl security update
2022-11-01 00:00:00
openssl security update
2022-11-01 00:00:00
openssl security update
2022-11-17 00:00:00
ics
ics
Hitachi Energy PCU400
2023-01-19 12:00:00
Siemens Products affected by OpenSSL 3.0
2022-12-15 12:00:00
Hitachi Energy Lumada Asset Performance Management
2023-01-05 12:00:00
nessus
nessus
Oracle Linux 9 : openssl (ELSA-2022-7288)
2022-11-02 00:00:00
Fedora 36 : 1:openssl (2022-502f096dce)
2022-11-01 00:00:00
AlmaLinux 9 : openssl (ALSA-2022:7288)
2022-11-02 00:00:00
fortinet
fortinet
Protect
2022-10-28 00:00:00
rapid7blog
rapid7blog
fedora
fedora
[SECURITY] Fedora 37 Update: openssl-3.0.5-3.fc37
2022-11-02 02:01:31
[SECURITY] Fedora 36 Update: openssl-3.0.5-2.fc36
2022-11-02 01:50:12
intel
intel
photon
photon
Important Photon OS Security Update - PHSA-2022-0272
2022-11-02 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0272
2022-11-02 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0011
2023-05-24 00:00:00
hivepro
hivepro
Patch available for pre-announced Critical Vulnerability in OpenSSL
2022-11-02 07:27:54
kaspersky
kaspersky
KLA20036 Multiple vulnerabilities in Microsoft Azure
2022-11-02 00:00:00
KLA20037 Multiple vulnerabilities in Microsoft Open Source Software
2022-11-02 00:00:00
amd
amd
OpenSSL Vulnerabilities
2023-08-08 00:00:00
akamaiblog
akamaiblog
nvidia
nvidia
Security Notice: NVIDIA Response to OpenSSL Vulnerabilities - November 2022
2022-11-01 00:00:00
mscve
mscve
OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun
2022-11-02 07:00:00
OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun
2022-11-02 07:00:00
qualysblog
qualysblog
wizblog
wizblog
OpenSSL vulnerabilities: Everything you need to know
2022-10-29 04:11:46
cisa
cisa
OpenSSL Releases Security Update
2022-11-01 00:00:00
talosblog
talosblog
Threat Advisory: High Severity OpenSSL Vulnerabilities
2022-11-01 19:03:49
arista
arista
Security Advisory 0081
2022-11-01 00:00:00
cisco
cisco
Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022
2022-10-28 16:00:00
ubuntucve
ubuntucve
CVE-2022-3786
2022-11-01 00:00:00
almalinux
almalinux
Important: openssl security update
2022-11-01 00:00:00
freebsd
freebsd
OpenSSL -- Buffer overflows in Email verification
2022-11-01 00:00:00
suse
suse
Security update for openssl-3 (critical)
2022-11-01 00:00:00
trellix
trellix
CVE-2023-0286: The OpenSSL Who Cried “Severity: High
2023-02-09 00:00:00
CVE-2023-0286: The OpenSSL Who Cried “Severity: High
2023-02-09 00:00:00
OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602
2022-11-01 00:00:00
aix
aix
Multiple vulnerabilities in OpenSSL affect AIX
2023-01-24 09:22:21
nodejsblog
nodejsblog
Nov 3 2022 Security Releases
2022-11-01 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2022-11-01 00:00:00
cert
cert
thn
thn
OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities
2022-11-01 16:26:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00