Lucene search
UbuntuUSN-5710-1HistoryNov 01, 2022 - 12:00 a.m.
OpenSSL vulnerabilities
2022-11-0100:00:00
ubuntu.com
41
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8.1 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.062 Low
EPSS
Percentile
93.5%
Releases
- Ubuntu 22.10
- Ubuntu 22.04 LTS
Packages
- openssl - Secure Socket Layer (SSL) cryptographic library and tools
Details
It was discovered that OpenSSL incorrectly handled certain X.509 Email
Addresses. If a certificate authority were tricked into signing a
specially-crafted certificate, a remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. The
default compiler options for affected releases reduce the vulnerability to
a denial of service. (CVE-2022-3602, CVE-2022-3786)
It was discovered that OpenSSL incorrectly handled applications creating
custom ciphers via the legacy EVP_CIPHER_meth_new() function. This issue
could cause certain applications that mishandled values to the function to
possibly end up with a NULL cipher and messages in plaintext.
(CVE-2022-3358)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 22.10 | noarch | libssl3 | < 3.0.5-2ubuntu2 | UNKNOWN |
| Ubuntu | 22.10 | noarch | libssl-dev | < 3.0.5-2ubuntu2 | UNKNOWN |
| Ubuntu | 22.10 | noarch | libssl-doc | < 3.0.5-2ubuntu2 | UNKNOWN |
| Ubuntu | 22.10 | noarch | libssl3-dbgsym | < 3.0.5-2ubuntu2 | UNKNOWN |
| Ubuntu | 22.10 | noarch | openssl | < 3.0.5-2ubuntu2 | UNKNOWN |
| Ubuntu | 22.10 | noarch | openssl-dbgsym | < 3.0.5-2ubuntu2 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libssl3 | < 3.0.2-0ubuntu1.7 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libssl-dev | < 3.0.2-0ubuntu1.7 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libssl-doc | < 3.0.2-0ubuntu1.7 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libssl3-dbgsym | < 3.0.2-0ubuntu1.7 | UNKNOWN |
Related
nessus
nessus
Ubuntu 22.04 LTS : OpenSSL vulnerabilities (USN-5710-1)
2022-11-02 00:00:00
SUSE SLED15 / SLES15 Security Update : openssl-3 (SUSE-SU-2022:3843-1)
2022-11-02 00:00:00
Nessus Network Monitor < 6.1.1 Multiple Vulnerabilities (TNS-2022-25)
2022-11-10 00:00:00
osv
osv
openssl vulnerabilities
2022-11-01 16:24:36
Important: openssl security update
2022-11-01 18:25:07
Important: openssl security update
2022-11-01 00:00:00
suse
suse
Security update for openssl-3 (critical)
2022-11-01 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:3843-1)
2022-11-02 00:00:00
Ubuntu: Security Advisory (USN-5710-1)
2022-11-02 00:00:00
Fedora: Security Advisory for openssl (FEDORA-2022-0f1d2e0537)
2022-11-03 00:00:00
ibm
ibm
aix
aix
Multiple vulnerabilities in OpenSSL affect AIX
2023-01-24 09:22:21
oraclelinux
oraclelinux
openssl security update
2022-11-01 00:00:00
openssl security update
2022-11-17 00:00:00
openssl security update
2022-11-01 00:00:00
gentoo
gentoo
OpenSSL: Multiple Vulnerabilities
2022-11-01 00:00:00
OpenSSL: Multiple Vulnerabilities
2024-02-04 00:00:00
ics
ics
Hitachi Energy PCU400
2023-01-19 12:00:00
Siemens Products affected by OpenSSL 3.0
2022-12-15 12:00:00
Hitachi Energy Lumada Asset Performance Management
2023-01-05 12:00:00
redhat
redhat
(RHSA-2022:7288) Important: openssl security update
2022-11-01 18:25:07
(RHSA-2022:7384) Important: openssl-container security update
2022-11-02 18:29:10
(RHSA-2023:2523) Low: openssl security and bug fix update
2023-05-09 05:13:15
rocky
rocky
openssl security update
2022-11-01 18:25:07
f5
f5
OpenSSL vulnerabilities CVE-2022-3786 and CVE-2022-3602
2022-10-28 17:31:00
K32553170 : OpenSSL vulnerability CVE-2022-3358
2022-10-18 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenSSL Buffer Overflow (CVE-2022-3602; CVE-2022-3786)
2022-11-03 00:00:00
OpenSSL Buffer Overflow (CVE-2022-3786)
2022-11-03 00:00:00
talosblog
talosblog
Threat Advisory: High Severity OpenSSL Vulnerabilities
2022-11-01 19:03:49
cisa
cisa
OpenSSL Releases Security Update
2022-11-01 00:00:00
cisco
cisco
Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022
2022-10-28 16:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: openssl-3.0.5-2.fc36
2022-11-02 01:50:12
[SECURITY] Fedora 37 Update: openssl-3.0.5-3.fc37
2022-11-02 02:01:31
almalinux
almalinux
Important: openssl security update
2022-11-01 00:00:00
Low: openssl security and bug fix update
2023-05-09 00:00:00
ubuntucve
ubuntucve
freebsd
freebsd
OpenSSL -- Buffer overflows in Email verification
2022-11-01 00:00:00
OpenSSL -- Potential NULL encryption in NID_undef with Custom Cipher
2022-10-11 00:00:00
arista
arista
Security Advisory 0081
2022-11-01 00:00:00
intel
intel
kaspersky
kaspersky
KLA20036 Multiple vulnerabilities in Microsoft Azure
2022-11-02 00:00:00
KLA20037 Multiple vulnerabilities in Microsoft Open Source Software
2022-11-02 00:00:00
hivepro
hivepro
Patch available for pre-announced Critical Vulnerability in OpenSSL
2022-11-02 07:27:54
akamaiblog
akamaiblog
photon
photon
Important Photon OS Security Update - PHSA-2022-0272
2022-11-02 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0272
2022-11-02 00:00:00
Important Photon OS Security Update - PHSA-2022-0267
2022-10-21 00:00:00
amd
amd
OpenSSL Vulnerabilities
2023-08-08 00:00:00
nvidia
nvidia
Security Notice: NVIDIA Response to OpenSSL Vulnerabilities - November 2022
2022-11-01 00:00:00
rapid7blog
rapid7blog
Rapid7’s Impact from OpenSSL Buffer Overflow Vulnerabilities (CVE-2022-3786 & CVE-2022-3602)
2022-11-11 13:41:22
CVE-2022-3786 and CVE-2022-3602: Two High-Severity Buffer Overflow Vulnerabilities in OpenSSL Fixed
2022-11-01 16:38:53
Metasploit Weekly Wrap-Up
2022-11-11 21:16:38
qualysblog
qualysblog
wizblog
wizblog
OpenSSL vulnerabilities: Everything you need to know
2022-10-29 04:11:46
fortinet
fortinet
Protect
2022-10-28 00:00:00
trellix
trellix
CVE-2023-0286: The OpenSSL Who Cried “Severity: High
2023-02-09 00:00:00
CVE-2023-0286: The OpenSSL Who Cried “Severity: High
2023-02-09 00:00:00
OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602
2022-11-01 00:00:00
mscve
mscve
OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun
2022-11-02 07:00:00
OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun
2022-11-02 07:00:00
nodejsblog
nodejsblog
Nov 3 2022 Security Releases
2022-11-01 00:00:00
OpenSSL and zlib update assessment, and Node.js Assessment workflow
2022-10-24 00:00:00
msrc
msrc
Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)
2022-11-02 07:00:00
Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)
2022-11-02 07:00:00
OpenSSL 3.0 ~ 3.0.6 のリスク (CVE-2022-3786 および CVE-2202-3602) に関する認識とガイダンス
2022-11-03 07:00:00
cert
cert
thn
thn
OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities
2022-11-01 16:26:00
veracode
veracode
Buffer Overflow
2022-11-01 19:44:02
Improper Access Control
2022-10-14 12:44:57
Buffer Overflow
2022-11-01 17:29:15
alpinelinux
alpinelinux
githubexploit
githubexploit
Exploit for Classic Buffer Overflow in Openssl
2022-12-13 16:43:01
Exploit for Out-of-bounds Write in Openssl
2022-11-03 03:19:52
Exploit for Out-of-bounds Write in Openssl
2022-11-01 23:36:08
openssl
openssl
Vulnerability in OpenSSL CVE-2022-3786
2022-11-01 00:00:00
Vulnerability in OpenSSL CVE-2022-3358
2022-09-29 00:00:00
Vulnerability in OpenSSL CVE-2022-3602
2022-11-01 00:00:00
cve
cve
wolfi
wolfi
CVE-2022-3358 vulnerabilities
2024-04-25 09:06:43
CVE-2022-3786 vulnerabilities
2024-04-25 09:06:43
CVE-2022-3602 vulnerabilities
2024-04-25 09:06:43
cnvd
cnvd
OpenSSL Denial of Service Vulnerability (CNVD-2022-73349)
2022-11-03 00:00:00
OpenSSL Remote Code Execution Vulnerability (CNVD-2022-73348)
2022-11-03 00:00:00
broadcom
broadcom
prion
prion
debiancve
debiancve
rustsec
rustsec
X.509 Email Address Variable Length Buffer Overflow
2022-11-01 12:00:00
Using a Custom Cipher with `NID_undef` may lead to NULL encryption
2022-10-11 12:00:00
X.509 Email Address 4-byte Buffer Overflow
2022-11-01 12:00:00
cgr
cgr
CVE-2022-3786 vulnerabilities
2024-04-25 09:06:10
CVE-2022-3358 vulnerabilities
2024-04-25 09:06:10
CVE-2022-3602 vulnerabilities
2024-04-25 09:06:10
github
github
X.509 Email Address Variable Length Buffer Overflow
2022-11-01 17:45:21
Using a Custom Cipher with `NID_undef` may lead to NULL encryption
2022-10-11 19:00:29
X.509 Email Address 4-byte Buffer Overflow
2022-11-01 17:45:59
redhatcve
redhatcve
filippoio
filippoio
Why Did the OpenSSL Punycode Vulnerability Happen
2022-11-02 17:22:29
metasploit
metasploit
SSL/TLS Version Detection
2022-11-01 03:42:40
avleonov
avleonov
oracle
oracle
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8.1 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.062 Low
EPSS
Percentile
93.5%
Related for USN-5710-1