15 matches found
MiracleLinux 9 : openssl-3.0.7-6.el9 (AXSA:2023-5373:04)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5373:04 advisory. openssl: Using a Custom Cipher with NID_undef may lead to NULL encryption CVE-2022-3358 Tenable has extracted the preceding description block directly from th...
CentOS 9 : openssl-3.0.7-18.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the openssl-3.0.7-18.el9 build changelog. - Internally libssl in OpenSSL calls X509_verify_cert on the client side to verify a certificate supplied by a server. That function may...
CentOS 9 : openssl-3.0.7-25.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the openssl-3.0.7-25.el9 build changelog. - Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are...
BIT-NODE-2022-3602 X.509 Email Address 4-byte Buffer Overflow
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...
SUSE CVE-2022-3602
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...
OpenSSL 3.0.7 security fix: Should Opera users be worried?
November 3rd, 2022. Hi everyone! The OpenSSL 3.0.7 security-fix release fixes high-priority vulnerabilities in the OpenSSL open-source cryptography library, specifically CVE-2022-3602 and CVE-2022-3786. The vulnerabilities...
Amazon Linux 2022 : openssl, openssl-devel, openssl-libs (ALAS2022-2022-157)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-157 advisory. Two issues were found in OpenSSL 3.0. The first being a stack based buffer overflow, which is possible by sending an X.509 certificate with a specially crafted email address field. In the...
Oracle Linux 9 : openssl (ELSA-2022-7288)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7288 advisory. - CVE-2022-3602: X.509 Email Address Buffer Overflow - running tests Resolves: CVE-2022-3602 Tenable has extracted the preceding description block...
CVE-2022-3602
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...
Stack overflow
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...
CVE-2022-3602 X.509 Email Address 4-byte Buffer Overflow
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...
UBUNTU-CVE-2022-3602
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...
CVE-2022-3602
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...
Qualys Research Alert: OpenSSL 3.0.7 – What You Need To Know
On Tuesday, November 1, 2022, the OpenSSL project released a new version of OpenSSL with version 3.0.7. This update patches two buffer overflow vulnerabilities which can be triggered in X.509 certificate verification. These vulnerabilities only apply to OpenSSL 3.x. Both these vulnerabilities are...
Latest on OpenSSL 3.0.7 Bug & Security-Fix
Potential disruptions following vulnerabilities found in OpenSSL...