Lucene search
GoogleOSV:GHSA-VR8J-HGMM-JH9RHistoryDec 13, 2022 - 6:30 p.m.
openssl-src subject to DoS by double-checked locking
2022-12-1318:30:33
Google
osv.dev
7
0.001 Low
EPSS
Percentile
44.9%
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the -policy' argument to the command line utilities or by calling either X509_VERIFY_PARAM_add0_policy()’ or `X509_VERIFY_PARAM_set1_policies()’ functions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| openssl-src | lt | 3.0.8 | |
| openssl-src | ge | 3.0.0 |
Related
openvas
openvas
OpenSSL: X.509 Policy Constraints Double Locking Vulnerability (Dec 2022) - Windows
2022-12-14 00:00:00
OpenSSL: X.509 Policy Constraints Double Locking Vulnerability (Dec 2022) - Linux
2022-12-14 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4586-1)
2022-12-21 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-0308
2023-01-05 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0308
2023-01-05 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0415
2023-06-22 00:00:00
nessus
nessus
Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-095)
2023-03-21 00:00:00
SUSE SLED15 / SLES15 Security Update : openssl-3 (SUSE-SU-2022:4586-1)
2022-12-21 00:00:00
cgr
cgr
CVE-2022-3996 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Improper Locking
2023-01-06 08:19:51
wolfi
wolfi
CVE-2022-3996 vulnerabilities
2024-05-29 03:07:31
nodejsblog
nodejsblog
OpenSSL 3.0.7 update assessment
2022-12-16 00:00:00
redhatcve
redhatcve
CVE-2022-3996
2022-12-14 11:04:49
github
github
openssl-src subject to DoS by double-checked locking
2022-12-13 18:30:33
openssl
openssl
Vulnerability in OpenSSL CVE-2022-3996
2022-12-13 00:00:00
osv
osv
CVE-2022-3996
2022-12-13 16:15:22
openssl, openssl1.0 vulnerabilities
2023-04-25 15:53:53
alpinelinux
alpinelinux
CVE-2022-3996
2022-12-13 16:15:00
prion
prion
Design/Logic Flaw
2022-12-13 16:15:00
debiancve
debiancve
CVE-2022-3996
2022-12-13 16:15:00
cve
cve
CVE-2022-3996
2022-12-13 16:15:00
cvelist
cvelist
CVE-2022-3996 X.509 Policy Constraints Double Locking
2022-12-13 15:43:06
ubuntucve
ubuntucve
CVE-2022-3996
2022-12-13 00:00:00
cloudlinux
cloudlinux
openssl: Fix of 3 CVEs
2023-05-04 21:42:17
cloudfoundry
cloudfoundry
USN-6039-1: OpenSSL vulnerabilities | Cloud Foundry
2023-06-30 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2023-04-25 00:00:00
thn
thn
OpenSSL Fixes Multiple New Security Flaws with Latest Update
2023-02-09 09:51:00
aix
aix
Multiple vulnerabilities in OpenSSL affect AIX
2023-03-21 13:26:15
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00