CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 34.7%

OpenSSL is vulnerable to a buffer overflow. The vulnerability exists due to incomplete X.509 certificate name constraint checking after successful chain signature verification. An attacker can add a malicious email address to the certificate to overflow an arbitrary number of bytes on the stack with the "." character. The resulting crash can cause a denial of service.

packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html
www.openwall.com/lists/oss-security/2022/11/01/15
www.openwall.com/lists/oss-security/2022/11/01/16
www.openwall.com/lists/oss-security/2022/11/01/17
www.openwall.com/lists/oss-security/2022/11/01/18
www.openwall.com/lists/oss-security/2022/11/01/19
www.openwall.com/lists/oss-security/2022/11/01/20
www.openwall.com/lists/oss-security/2022/11/01/21
www.openwall.com/lists/oss-security/2022/11/01/24
www.openwall.com/lists/oss-security/2022/11/02/1
www.openwall.com/lists/oss-security/2022/11/02/10
www.openwall.com/lists/oss-security/2022/11/02/11
www.openwall.com/lists/oss-security/2022/11/02/12
www.openwall.com/lists/oss-security/2022/11/02/13
www.openwall.com/lists/oss-security/2022/11/02/14
www.openwall.com/lists/oss-security/2022/11/02/15
www.openwall.com/lists/oss-security/2022/11/02/2
www.openwall.com/lists/oss-security/2022/11/02/3
www.openwall.com/lists/oss-security/2022/11/02/5
www.openwall.com/lists/oss-security/2022/11/02/6
www.openwall.com/lists/oss-security/2022/11/02/7
www.openwall.com/lists/oss-security/2022/11/02/9
www.openwall.com/lists/oss-security/2022/11/03/1
www.openwall.com/lists/oss-security/2022/11/03/10
www.openwall.com/lists/oss-security/2022/11/03/11
www.openwall.com/lists/oss-security/2022/11/03/2
www.openwall.com/lists/oss-security/2022/11/03/3
www.openwall.com/lists/oss-security/2022/11/03/5
www.openwall.com/lists/oss-security/2022/11/03/6
www.openwall.com/lists/oss-security/2022/11/03/7
www.openwall.com/lists/oss-security/2022/11/03/9
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a
github.com/pblumo/openssl-vuln-nov-2022/blob/main/list.csv
isc.sans.edu/forums/diary/Upcoming+Critical+OpenSSL+Vulnerability+What+will+be+Affected/29192
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/
mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023
security.gentoo.org/glsa/202211-01
security.netapp.com/advisory/ntap-20221102-0001/
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a
www.akamai.com/blog/security-research/openssl-vulnerability-how-to-effectively-prepare
www.kb.cert.org/vuls/id/794340
www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
www.openssl.org/news/secadv/20221101.txt
www.paloaltonetworks.com/blog/prisma-cloud/prepare-openssl-vulnerability/