CVE-2022-3602

Summary

CVE	CVE-2022-3602
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-11-01 18:15:00 UTC
Updated	2023-08-08 14:21:00 UTC
Description	A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	26	All	All	All
Operating System	Fedoraproject	Fedora	27	All	All	All
Operating System	Fedoraproject	Fedora	36	All	All	All
Operating System	Fedoraproject	Fedora	37	All	All	All
Application	Netapp	Clustered Data Ontap	-	All	All	All
Application	Nodejs	Node.js	All	All	All	All
Application	Nodejs	Node.js	18.12.0	All	All	All
Application	Nodejs	Node.js	19.0.0	All	All	All
Application	Openssl	Openssl	All	All	All	All

References

Reference	Source	Link	Tags
www.openssl.org/news/secadv/20221101.txt	CONFIRM	www.openssl.org
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
[SECURITY] Fedora 36 Update: openssl-3.0.5-2.fc36 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
git.openssl.org Git - openssl.git/commitdiff	CONFIRM	git.openssl.org
Security Advisory	CONFIRM	psirt.global.sonicwall.com
20221028 Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022	CISCO	tools.cisco.com
OpenSSL: Multiple Vulnerabilities (GLSA 202211-01) — Gentoo security	GENTOO	security.gentoo.org
VU#794340 - OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly	CERT-VN	www.kb.cert.org
oss-security - Re: Fwd: Node.js security updates for all active release lines, November 2022	MLIST	www.openwall.com
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
[SECURITY] Fedora 37 Update: openssl-3.0.5-3.fc37 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
OpenSSL Security Advisory 20221101 ≈ Packet Storm	MISC	packetstormsecurity.com
git.openssl.org Git - openssl.git/commitdiff	MISC	git.openssl.org
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
November 2022 OpenSSL Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MISC	www.openwall.com
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MISC	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
[SECURITY] Fedora 36 Update: openssl-3.0.5-2.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
[SECURITY] Fedora 37 Update: openssl-3.0.5-3.fc37 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MISC	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

160191 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-7288)
160192 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-9968)
160258 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-10004)
183501 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2022-3602)
199012 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
199113 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
199114 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
199115 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
199116 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
199117 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
240798 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:7288)
283270 Fedora Security Update for Open Secure Sockets Layer (OpenSSL) (FEDORA-2022-502f096dce)
283442 Fedora Security Update for Open Secure Sockets Layer (OpenSSL) (FEDORA-2022-0f1d2e0537)
296086 Oracle Solaris 11.4 Support Repository Update (SRU) 51.132.1 Missing (CPUOCT2022)
296098 Oracle Solaris 11.4 Support Repository Update (SRU) 52.132.2 Missing (CPUOCT2022)
330128 IBM AIX Multiple Vulnerabilities in Open Secure Sockets Layer (OpenSSL) (openssl_advisory37)
354102 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2022-2022-157
354404 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2022-2022-157
355250 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2023-2023-051
355273 Amazon Linux Security Advisory for nodejs : ALAS2023-2023-084
377733 Open Secure Sockets Layer (OpenSSL) Less Than 3.0.7 Buffer Overflow Vulnerability (Scan Utility)
377881 Node.js Multiple Vulnerabilities (November 2022)
377934 Node.js Multiple Vulnerabilities (November 2022)
38879 Open Secure Sockets Layer (OpenSSL) Less Than 3.0.7 Buffer Overflow Vulnerability
43945 FortiOS - Unauthorized Command Execution Vulnerability (FG-IR-22-419)
502587 Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)
502747 Alpine Linux Security Update for nodejs
502755 Alpine Linux Security Update for openssl
503688 Alpine Linux Security Update for openssl3
520001 Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (CVE-2022-3602, CVE-2022-3786)
591335 Hitachi Energy PCU400 Reliance on Uncontrolled Component Multiple Vulnerabilities (ICSA-23-019-01, 8DBD 000137)
690972 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (0844671c-5a09-11ed-856e-d4c9ef517024)
710678 Gentoo Linux Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (GLSA 202211-01)
752752 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL-3) (SUSE-SU-2022:3843-1)
940723 AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2022:7288)
960515 Rocky Linux Security Update for Open Secure Sockets Layer (OpenSSL) (RLSA-2022:7288)