X.509 Email Address Variable Length Buffer Overflow
Summary
| CVE | CVE-2022-3786 |
|---|---|
| State | PUBLISHED |
| Assigner | openssl |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-11-01 18:15:11 UTC |
| Updated | 2026-04-14 10:16:26 UTC |
| Description | A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. |
Risk And Classification
Primary CVSS: v3.1 7.5 HIGH from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.214280000 probability, percentile 0.957120000 (date 2026-04-15)
Problem Types: CWE-120 | Buffer overflow | CWE-120 CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 3.1 | ADP | DECLARED | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
NoneAvailability
HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 36 | All | All | All |
| Operating System | Fedoraproject | Fedora | 37 | All | All | All |
| Application | Nodejs | Node.js | All | All | All | All |
| Application | Nodejs | Node.js | 18.12.0 | All | All | All |
| Application | Nodejs | Node.js | 19.0.0 | All | All | All |
| Application | Openssl | Openssl | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | OpenSSL | OpenSSL | affected 3.0.0 3.0.7 semver | Not specified |
| ADP | Siemens | Calibre ICE | affected V2022.4 V2023.1 custom | Not specified |
| ADP | Siemens | Mcenter | affected V5.2.1 V5.3.0 custom | Not specified |
| ADP | Siemens | SCALANCE X204RNA HSR | affected V3.2.7 V3.2.8 custom | Not specified |
| ADP | Siemens | SCALANCE X204RNA PRP | affected V3.2.7 V3.2.8 custom | Not specified |
| ADP | Siemens | SCALANCE X204RNA EEC HSR | affected V3.2.7 V3.2.8 custom | Not specified |
| ADP | Siemens | SCALANCE X204RNA EEC PRP | affected V3.2.7 V3.2.8 custom | Not specified |
| ADP | Siemens | SCALANCE X204RNA EEC PRP/HSR | affected V3.2.7 V3.2.8 custom | Not specified |
| ADP | Siemens | SICAM GridPass | affected V1.80 V2.20 custom | Not specified |
| ADP | Siemens | SIMATIC RTLS Locating Manager | affected V2.13.0.0 V2.13.0.3 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.openssl.org Git - openssl.git/commitdiff | af854a3a-2127-422b-91ae-364da2661108 | git.openssl.org | Patch, Vendor Advisory |
| cert-portal.siemens.com/productcert/html/ssa-408105.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| www.openssl.org/news/secadv/20221101.txt | af854a3a-2127-422b-91ae-364da2661108 | www.openssl.org | Vendor Advisory |
| VU#794340 - OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | |
| www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00789.html | af854a3a-2127-422b-91ae-364da2661108 | www.intel.com | |
| CISCO:20221028 Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022 | MITRE | tools.cisco.com | |
| Security Advisory | MITRE | psirt.global.sonicwall.com | |
| November 2022 OpenSSL Vulnerabilities in NetApp Products | NetApp Product Security | MITRE | security.netapp.com | |
| [SECURITY] Fedora 37 Update: openssl-3.0.5-3.fc37 - package-announce - Fedora Mailing-Lists | MITRE | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: openssl-3.0.5-2.fc36 - package-announce - Fedora Mailing-Lists | MITRE | lists.fedoraproject.org | |
| OpenSSL: Multiple Vulnerabilities (GLSA 202211-01) — Gentoo security | MITRE | security.gentoo.org | |
| OpenSSL Security Advisory 20221101 ≈ Packet Storm | MITRE | packetstormsecurity.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| git.openssl.org Git | MITRE | git.openssl.org | |
| [SECURITY] Fedora 36 Update: openssl-3.0.5-2.fc36 - package-announce - Fedora Mailing-Lists | MITRE | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: openssl-3.0.5-3.fc37 - package-announce - Fedora Mailing-Lists | MITRE | lists.fedoraproject.org | |
| oss-security - OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: Fwd: Node.js security updates for all active release lines, November 2022 | MITRE | www.openwall.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) | MITRE | www.openwall.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Viktor Dukhovni (en)
Legacy QID Mappings
- 160191 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-7288)
- 160192 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-9968)
- 160258 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-10004)
- 184506 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2022-3786)
- 199012 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
- 199113 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
- 199114 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
- 199115 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
- 199116 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
- 199117 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
- 240798 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:7288)
- 283270 Fedora Security Update for Open Secure Sockets Layer (OpenSSL) (FEDORA-2022-502f096dce)
- 283442 Fedora Security Update for Open Secure Sockets Layer (OpenSSL) (FEDORA-2022-0f1d2e0537)
- 296086 Oracle Solaris 11.4 Support Repository Update (SRU) 51.132.1 Missing (CPUOCT2022)
- 296098 Oracle Solaris 11.4 Support Repository Update (SRU) 52.132.2 Missing (CPUOCT2022)
- 330128 IBM AIX Multiple Vulnerabilities in Open Secure Sockets Layer (OpenSSL) (openssl_advisory37)
- 354102 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2022-2022-157
- 354404 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2022-2022-157
- 355250 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2023-2023-051
- 355273 Amazon Linux Security Advisory for nodejs : ALAS2023-2023-084
- 377733 Open Secure Sockets Layer (OpenSSL) Less Than 3.0.7 Buffer Overflow Vulnerability (Scan Utility)
- 377881 Node.js Multiple Vulnerabilities (November 2022)
- 377934 Node.js Multiple Vulnerabilities (November 2022)
- 38879 Open Secure Sockets Layer (OpenSSL) Less Than 3.0.7 Buffer Overflow Vulnerability
- 43945 FortiOS - Unauthorized Command Execution Vulnerability (FG-IR-22-419)
- 502587 Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)
- 502747 Alpine Linux Security Update for nodejs
- 502755 Alpine Linux Security Update for openssl
- 503688 Alpine Linux Security Update for openssl3
- 520001 Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (CVE-2022-3602, CVE-2022-3786)
- 591335 Hitachi Energy PCU400 Reliance on Uncontrolled Component Multiple Vulnerabilities (ICSA-23-019-01, 8DBD 000137)
- 690972 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (0844671c-5a09-11ed-856e-d4c9ef517024)
- 710678 Gentoo Linux Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (GLSA 202211-01)
- 752752 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL-3) (SUSE-SU-2022:3843-1)
- 753024 SUSE Enterprise Linux Security Update for openssl-3 (SUSE-SU-2022:4586-1)
- 940723 AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2022:7288)
- 960515 Rocky Linux Security Update for Open Secure Sockets Layer (OpenSSL) (RLSA-2022:7288)