CVE-2022-3602

Description from NVD

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).

Information Acquisition Date:2022-11-30T14:58Z
CVSS 2.0: 0.0 None CVSS 3.x: 7.5 HIGH

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

NVD References

 https://www.openssl.org/news/secadv/20221101.txt
     source:CONFIRM
     tags:Vendor Advisory    
 [oss-security] 20221101 OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 20221028 Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022
     source:CISCO
     tags:Third Party Advisory    
 GLSA-202211-01
     source:GENTOO
     tags:Issue Tracking    Third Party Advisory    
 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023
     source:CONFIRM
     tags:Third Party Advisory    
 [oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221102 Re: Fwd: Node.js security updates for all active release lines, November 2022
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 [oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 https://security.netapp.com/advisory/ntap-20221102-0001/
     source:CONFIRM
     tags:Third Party Advisory    
 VU#794340
     source:CERT-VN
     tags:Third Party Advisory    US Government Resource    
 [oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/
     source:MISC
     tags:Mailing List    Third Party Advisory    
 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/
     source:MISC
     tags:Mailing List    Third Party Advisory    
 http://www.openwall.com/lists/oss-security/2022/11/03/11
     source:MISC
     tags:Mailing List    Third Party Advisory    
 http://www.openwall.com/lists/oss-security/2022/11/03/10
     source:MISC
     tags:Mailing List    Third Party Advisory    
 http://www.openwall.com/lists/oss-security/2022/11/03/9
     source:MISC
     tags:Mailing List    Third Party Advisory    
 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3
     source:MISC
     tags:Broken Link    Third Party Advisory    

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag: BIG-IP(2 tweets) Linux(1 tweets) OpenSSL(2 tweets)

List of frequently cited URLs

URLNum of Times Referred to
https://lnkd88
http://cyberiqs.com/latestnews73
https://cvetrends.com50
http://twinybots.ch15
https://lists.astaro.com/ASGV9-IPS-rules.html#012
https://nakedsecurity.sophos.com/12
https://vuldb.com/?exploits.2022118
https://www.snort.org/downloads7
https://www.splunk.com/en_us/blog/security/nothing-puny-abo...7
https://news.ycombinator.com/item?id=334232717
https://thehackernews.com/2022/11/just-in-openssl-releases-...6
https://www.rapid7.com/blog/post/2022/11/01/cve-2022-3786-a...5
https://blogs.vmware.com/security/2022/11/vmware-response-t...5
https://access.redhat.com/security/vulnerabilities/RHSB-202...5
https://security.sios.com/vulnerability/openssl-security-vu...5
https://securityonline.info/cve-2022-3602-openssl-remote-co...5
https://rssfeeds.cloudsite.builders/2022/11/02/cve-2022-360...5
https://b.hatena.ne.jp/entry/s/www.openssl.org/blog/blog/20...4
https://securityboulevard.com/2022/11/what-the-openssl-vuln...4
https://www.helpnetsecurity.com/2022/11/01/high-severity-op...4
https://security-tracker.debian.org/tracker/CVE-2022-36024
https://unit42.paloaltonetworks.com/openssl-vulnerabilities4
http://ow.ly/zvz750LsE0K3
https://xtra.li/3heHVQc3
https://cve.report/CVE-2022-36023
https://github.com/openssl/openssl/commit/fe3b639dc19b32584...3
https://sysdig.com/blog/stop-openssl-vulnerability-cve-37863
https://ubuntu.com/security/CVE-2022-36023
http://openssl.org3
https://opsmtrs.com/3fTgB6p3
https://twitter.com/TheHackersNews/status/15874811937205985333
https://www.cve.org/CVERecord?id=CVE-2022-37863
https://isc.sans.edu/diary/rss/292083
http://Checkmarx.com3
https://www.ipa.go.jp/security/ciadr/vul/alert20221102.html3
https://go.trellix.com/3UbKHnk3
https://mta.openssl.org/pipermail/openssl-announce/2022-Nov...3
https://news.google.com/__i/rss/rd/articles/CBMicGh0dHBzOi8...3
https://www.openssl.org/news/cl30.txt3
https://tweetedtimes.com/seclabor?s=tnp3
https://www.jpcert.or.jp/at/2022/at220030.html3
https://www.parasoft.com/blog/analyzing-openssl-punycode-vu...3
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-...3
https://blog.checkpoint.com/2022/11/01/openssl-vulnerabilit...3
https://blog.cloudflare.com/cloudflare-is-not-affected-by-t...3
https://www.bleepingcomputer.com/news/security/openssl-fixe...3
https://securitylabs.datadoghq.com/articles/openssl-novembe...3
https://allsoftwaresucks.blogspot.com/2022/11/why-cve-2022-...3

Information from Twitter

User URL Info Source Date
decodebytes https://twitter.com/decodebytes/status/1635972060647247872/... Source decodebytes      1635972060647247872 2023/03/15
devcentral https://go.f5.net/6t6gl9 Source devcentral       1637881838008934426 2023/03/21
devcentral https://twitter.com/devcentral/status/1637881838008934426/p... Source devcentral       1637881838008934426 2023/03/21
CyberIQs_ http://cyberiqs.com/latestnews Source CyberIQs_        1644271418660593665 2023/04/07
devcentral https://go.f5.net/2dppv9 Source devcentral       1647958153693212674 2023/04/17
devcentral https://twitter.com/devcentral/status/1647958153693212674/p... Source devcentral       1647958153693212674 2023/04/17

List of frequently cited URLs

URLNum of Times Referred to
lnkd88
cyberiqs.com73
cvetrends.com50
twinybots.ch15
lists.astaro.com12
nakedsecurity.sophos.com12
vuldb.com8
www.snort.org7
www.splunk.com7
news.ycombinator.com7
thehackernews.com6
www.rapid7.com5
blogs.vmware.com5
access.redhat.com5
security.sios.com5
securityonline.info5
rssfeeds.cloudsite.builders5
b.hatena.ne.jp4
securityboulevard.com4
www.helpnetsecurity.com4
security-tracker.debian.org4
unit42.paloaltonetworks.com4
ow.ly3
xtra.li3
cve.report3
github.com3
sysdig.com3
ubuntu.com3
openssl.org3
opsmtrs.com3
twitter.com3
www.cve.org3
isc.sans.edu3
Checkmarx.com3
www.ipa.go.jp3
go.trellix.com3
mta.openssl.org3
news.google.com3
www.openssl.org3
tweetedtimes.com3
www.jpcert.or.jp3
www.parasoft.com3
www.trustwave.com3
blog.checkpoint.com3
blog.cloudflare.com3
www.bleepingcomputer.com3
securitylabs.datadoghq.com3
allsoftwaresucks.blogspot.com3

Information from Twitter

User URL Info Source
decodebytes twitter.com Show Tweet
devcentral go.f5.net Show Tweet
devcentral twitter.com Show Tweet
CyberIQs_ cyberiqs.com Show Tweet
devcentral go.f5.net Show Tweet
devcentral twitter.com Show Tweet
GitHub Search Results: Up to 10
NameURL
NCSC-NL/OpenSSL-2022 https://github.com/NCSC-NL/OpenSSL-2022
colmmacc/CVE-2022-3602 https://github.com/colmmacc/CVE-2022-3602
rbowes-r7/cve-2022-3602-and-cve-2022-3786-openssl-poc https://github.com/rbowes-r7/cve-2022-3602-and-cve-2022-3786-openssl-poc
eatscrayon/CVE-2022-3602-poc https://github.com/eatscrayon/CVE-2022-3602-poc
attilaszia/cve-2022-3602 https://github.com/attilaszia/cve-2022-3602
corelight/CVE-2022-3602 https://github.com/corelight/CVE-2022-3602
cybersecurityworks553/CVE-2022-3602-and-CVE-2022-3786 https://github.com/cybersecurityworks553/CVE-2022-3602-and-CVE-2022-3786
alicangnll/SpookySSL-Scanner https://github.com/alicangnll/SpookySSL-Scanner
fox-it/spookyssl-pcaps https://github.com/fox-it/spookyssl-pcaps
hi-artem/find-spooky-prismacloud https://github.com/hi-artem/find-spooky-prismacloud
GitHub Search Results: Up to 10
NameURL
NCSC-NL/OpenSSL-2022 github.com
colmmacc/CVE-2022-3602 github.com
rbowes-r7/cve-2022-3602-and-cve-2022-3786-openssl-poc github.com
eatscrayon/CVE-2022-3602-poc github.com
attilaszia/cve-2022-3602 github.com
corelight/CVE-2022-3602 github.com
cybersecurityworks553/CVE-2022-3602-and-CVE-2022-3786 github.com
alicangnll/SpookySSL-Scanner github.com
fox-it/spookyssl-pcaps github.com
hi-artem/find-spooky-prismacloud github.com
2023/04/17 Score : 0
Added Har-sia Database : 2022/11/02
Last Modified : 2023/04/17
Highest Scored Date : 2022/11/02
Highest Score : 677