Vulnerability Description
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openssl | Openssl | >= 3.0.0, < 3.0.7 |
| Fedoraproject | Fedora | 36 |
| Netapp | Clustered Data Ontap | - |
| Nodejs | Node.Js | >= 18.0.0, < 18.11.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.hThird Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2022/11/01/15Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/11/01/16Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/11/01/17Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/11/01/18Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/11/01/19Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/11/01/20Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/11/01/21Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/11/01/24Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/11/02/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/11/02/10Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/11/02/11Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/11/02/12Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/11/02/13Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/11/02/14Mailing ListThird Party Advisory
FAQ
What is CVE-2022-3602?
CVE-2022-3602 is a vulnerability with a CVSS score of 7.5 (HIGH). A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either ...
How severe is CVE-2022-3602?
CVE-2022-3602 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-3602?
Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl, Fedoraproject Fedora, Netapp Clustered Data Ontap, Nodejs Node.Js.