X.509 Email Address 4-byte Buffer Overflow

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2022-3602
StatePUBLISHED
Assigneropenssl
Source PriorityCVE Program / NVD first with legacy fallback
Published2022-11-01 18:15:10 UTC
Updated2026-04-14 10:16:25 UTC
DescriptionA buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).

Risk And Classification

Primary CVSS: v3.1 7.5 HIGH from [email protected]

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.832190000 probability, percentile 0.992680000 (date 2026-04-15)

Problem Types: CWE-787 | Buffer overflow | CWE-787 CWE-787 Out-of-bounds Write

VersionSourceTypeScoreSeverityVector
3.1[email protected]Primary7.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1ADPDECLARED7.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1134c704f-9b21-4f2e-91b3-4a467353bcc0Secondary7.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v3.1 Breakdown

Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Fedoraproject Fedora 26 All All All
Operating System Fedoraproject Fedora 27 All All All
Operating System Fedoraproject Fedora 36 All All All
Operating System Fedoraproject Fedora 37 All All All
Application Netapp Clustered Data Ontap - All All All
Application Nodejs Node.js All All All All
Application Nodejs Node.js 18.12.0 All All All
Application Nodejs Node.js 19.0.0 All All All
Application Openssl Openssl All All All All

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA OpenSSL OpenSSL affected Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6) Not specified
ADP Siemens Calibre ICE affected V2022.4 V2023.1 custom Not specified
ADP Siemens Mcenter affected V5.2.1 V5.3.0 custom Not specified
ADP Siemens SCALANCE X204RNA HSR affected V3.2.7 V3.2.8 custom Not specified
ADP Siemens SCALANCE X204RNA PRP affected V3.2.7 V3.2.8 custom Not specified
ADP Siemens SCALANCE X204RNA EEC HSR affected V3.2.7 V3.2.8 custom Not specified
ADP Siemens SCALANCE X204RNA EEC PRP affected V3.2.7 V3.2.8 custom Not specified
ADP Siemens SCALANCE X204RNA EEC PRP/HSR affected V3.2.7 V3.2.8 custom Not specified
ADP Siemens SICAM GridPass affected V1.80 V2.20 custom Not specified
ADP Siemens SIMATIC RTLS Locating Manager affected V2.13.0.0 V2.13.0.3 custom Not specified

References

ReferenceSourceLinkTags
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
[SECURITY] Fedora 37 Update: openssl-3.0.5-3.fc37 - package-announce - Fedora Mailing-Lists af854a3a-2127-422b-91ae-364da2661108 lists.fedoraproject.org Mailing List, Third Party Advisory
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
cert-portal.siemens.com/productcert/html/ssa-408105.html 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e cert-portal.siemens.com
oss-security - OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
Security Advisory af854a3a-2127-422b-91ae-364da2661108 psirt.global.sonicwall.com Third Party Advisory
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
oss-security - Re: Fwd: Node.js security updates for all active release lines, November 2022 af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
www.openssl.org/news/secadv/20221101.txt af854a3a-2127-422b-91ae-364da2661108 www.openssl.org Vendor Advisory
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openss... af854a3a-2127-422b-91ae-364da2661108 tools.cisco.com Third Party Advisory
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
OpenSSL Security Advisory 20221101 ≈ Packet Storm af854a3a-2127-422b-91ae-364da2661108 packetstormsecurity.com Third Party Advisory, VDB Entry
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
git.openssl.org Git - openssl.git/commitdiff af854a3a-2127-422b-91ae-364da2661108 git.openssl.org Broken Link, Third Party Advisory
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
OpenSSL: Multiple Vulnerabilities (GLSA 202211-01) — Gentoo security af854a3a-2127-422b-91ae-364da2661108 security.gentoo.org Issue Tracking, Third Party Advisory
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
VU#794340 - OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly af854a3a-2127-422b-91ae-364da2661108 www.kb.cert.org Third Party Advisory, US Government Resource
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
November 2022 OpenSSL Vulnerabilities in NetApp Products | NetApp Product Security af854a3a-2127-422b-91ae-364da2661108 security.netapp.com Third Party Advisory
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
[SECURITY] Fedora 36 Update: openssl-3.0.5-2.fc36 - package-announce - Fedora Mailing-Lists af854a3a-2127-422b-91ae-364da2661108 lists.fedoraproject.org Mailing List, Third Party Advisory
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00789.html af854a3a-2127-422b-91ae-364da2661108 www.intel.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
git.openssl.org Git - openssl.git/commitdiff MITRE git.openssl.org
[SECURITY] Fedora 37 Update: openssl-3.0.5-3.fc37 - package-announce - Fedora Mailing-Lists MITRE lists.fedoraproject.org
[SECURITY] Fedora 36 Update: openssl-3.0.5-2.fc36 - package-announce - Fedora Mailing-Lists MITRE lists.fedoraproject.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Vendor Comments And Credit

Discovery Credit

CNA: Polar Bear (en)

Legacy QID Mappings

  • 160191 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-7288)
  • 160192 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-9968)
  • 160258 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-10004)
  • 183501 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2022-3602)
  • 199012 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
  • 199113 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
  • 199114 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
  • 199115 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
  • 199116 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
  • 199117 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
  • 240798 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:7288)
  • 283270 Fedora Security Update for Open Secure Sockets Layer (OpenSSL) (FEDORA-2022-502f096dce)
  • 283442 Fedora Security Update for Open Secure Sockets Layer (OpenSSL) (FEDORA-2022-0f1d2e0537)
  • 296086 Oracle Solaris 11.4 Support Repository Update (SRU) 51.132.1 Missing (CPUOCT2022)
  • 296098 Oracle Solaris 11.4 Support Repository Update (SRU) 52.132.2 Missing (CPUOCT2022)
  • 330128 IBM AIX Multiple Vulnerabilities in Open Secure Sockets Layer (OpenSSL) (openssl_advisory37)
  • 354102 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2022-2022-157
  • 354404 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2022-2022-157
  • 355250 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2023-2023-051
  • 355273 Amazon Linux Security Advisory for nodejs : ALAS2023-2023-084
  • 377733 Open Secure Sockets Layer (OpenSSL) Less Than 3.0.7 Buffer Overflow Vulnerability (Scan Utility)
  • 377881 Node.js Multiple Vulnerabilities (November 2022)
  • 377934 Node.js Multiple Vulnerabilities (November 2022)
  • 38879 Open Secure Sockets Layer (OpenSSL) Less Than 3.0.7 Buffer Overflow Vulnerability
  • 43945 FortiOS - Unauthorized Command Execution Vulnerability (FG-IR-22-419)
  • 502587 Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)
  • 502747 Alpine Linux Security Update for nodejs
  • 502755 Alpine Linux Security Update for openssl
  • 503688 Alpine Linux Security Update for openssl3
  • 520001 Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (CVE-2022-3602, CVE-2022-3786)
  • 591335 Hitachi Energy PCU400 Reliance on Uncontrolled Component Multiple Vulnerabilities (ICSA-23-019-01, 8DBD 000137)
  • 690972 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (0844671c-5a09-11ed-856e-d4c9ef517024)
  • 710678 Gentoo Linux Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (GLSA 202211-01)
  • 752752 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL-3) (SUSE-SU-2022:3843-1)
  • 940723 AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2022:7288)
  • 960515 Rocky Linux Security Update for Open Secure Sockets Layer (OpenSSL) (RLSA-2022:7288)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report