Lucene search

Veracode Vulnerability DatabaseVERACODE:37743

HistoryNov 01, 2022 - 5:29 p.m.

Buffer Overflow

2022-11-0117:29:15

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.034 Low

EPSS

Percentile

90.4%

JSON

OpenSSL is vulnerable to buffer overflow. The vulnerability is due to incomplete X.509 certificate name constraint checking after successful chain signature verification. An attacker can add a malicious email address to the certificate to overflow four attacker-controlled bytes on the stack. This crash can result in denial of service, or in special circumstances remote code execution.

CPENameOperatorVersion
openssl3:3.16eq3.0.5-r1
openssl3:3.16eq3.0.3-r0
openssl3:3.16eq3.0.5-r0
openssl3:3.16eq3.0.2-r0
openssl3:3.16le3.0.5-r1
openssl:3.17eq3.0.5-r3
openssl:3.17le3.0.5-r3
openssl:3.15eq3.0.0-r2
openssl3:edgele3.0.5-r0
openssl3le3.0.1__41.el8.1

Name	Operator	Version
openssl3:3.16	eq	3.0.5-r1
openssl3:3.16	eq	3.0.3-r0
openssl3:3.16	eq	3.0.5-r0
openssl3:3.16	eq	3.0.2-r0
openssl3:3.16	le	3.0.5-r1
openssl:3.17	eq	3.0.5-r3
openssl:3.17	le	3.0.5-r3
openssl:3.15	eq	3.0.0-r2
openssl3:edge	le	3.0.5-r0
openssl3	le	3.0.1__41.el8.1

Rows per page:

1-10 of 1521

References

packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html

www.openwall.com/lists/oss-security/2022/11/01/15

www.openwall.com/lists/oss-security/2022/11/01/16

www.openwall.com/lists/oss-security/2022/11/01/17

www.openwall.com/lists/oss-security/2022/11/01/18

www.openwall.com/lists/oss-security/2022/11/01/19

www.openwall.com/lists/oss-security/2022/11/01/20

www.openwall.com/lists/oss-security/2022/11/01/21

www.openwall.com/lists/oss-security/2022/11/01/24

www.openwall.com/lists/oss-security/2022/11/02/1

www.openwall.com/lists/oss-security/2022/11/02/10

www.openwall.com/lists/oss-security/2022/11/02/11

www.openwall.com/lists/oss-security/2022/11/02/12

www.openwall.com/lists/oss-security/2022/11/02/13

www.openwall.com/lists/oss-security/2022/11/02/14

www.openwall.com/lists/oss-security/2022/11/02/15

www.openwall.com/lists/oss-security/2022/11/02/2

www.openwall.com/lists/oss-security/2022/11/02/3

www.openwall.com/lists/oss-security/2022/11/02/5

www.openwall.com/lists/oss-security/2022/11/02/6

www.openwall.com/lists/oss-security/2022/11/02/7

www.openwall.com/lists/oss-security/2022/11/02/9

www.openwall.com/lists/oss-security/2022/11/03/1

www.openwall.com/lists/oss-security/2022/11/03/10

www.openwall.com/lists/oss-security/2022/11/03/11

www.openwall.com/lists/oss-security/2022/11/03/2

www.openwall.com/lists/oss-security/2022/11/03/3

www.openwall.com/lists/oss-security/2022/11/03/5

www.openwall.com/lists/oss-security/2022/11/03/6

www.openwall.com/lists/oss-security/2022/11/03/7

www.openwall.com/lists/oss-security/2022/11/03/9

git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3

git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fe3b639dc19b325846f4f6801f2f4604f56e3de3

github.com/openssl/openssl/commit/fe3b639dc19b325846f4f6801f2f4604f56e3de3#diff-de2651c670dde92b08e86f386059436bee7f7271df21a18036e8b9d85b8070fe

github.com/pblumo/openssl-vuln-nov-2022/blob/main/list.csv

isc.sans.edu/forums/diary/Upcoming+Critical+OpenSSL+Vulnerability+What+will+be+Affected/29192

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/

lists.fedoraproject.org/archives/list/[email protected]/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/

lists.fedoraproject.org/archives/list/[email protected]/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/

mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html

psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023

security.gentoo.org/glsa/202211-01

security.netapp.com/advisory/ntap-20221102-0001/

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a

www.akamai.com/blog/security-research/openssl-vulnerability-how-to-effectively-prepare

www.kb.cert.org/vuls/id/794340

www.openssl.org/blog/blog/2022/11/01/email-address-overflows/

www.openssl.org/news/secadv/20221101.txt

www.paloaltonetworks.com/blog/prisma-cloud/prepare-openssl-vulnerability/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.034 Low

EPSS

Percentile

90.4%

JSON

Buffer Overflow

References

Related