CVE-2022-3786

Summary

CVE	CVE-2022-3786
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-11-01 18:15:00 UTC
Updated	2023-11-07 03:51:00 UTC
Description	A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

Risk And Classification

Problem Types: CWE-120

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	36	All	All	All
Operating System	Fedoraproject	Fedora	37	All	All	All
Application	Nodejs	Node.js	All	All	All	All
Application	Nodejs	Node.js	18.12.0	All	All	All
Application	Nodejs	Node.js	19.0.0	All	All	All
Application	Openssl	Openssl	All	All	All	All

References

Reference	Source	Link	Tags
www.openssl.org/news/secadv/20221101.txt	CONFIRM	www.openssl.org
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
git.openssl.org Git - openssl.git/commitdiff	MISC	git.openssl.org
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
[SECURITY] Fedora 36 Update: openssl-3.0.5-2.fc36 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
Security Advisory	CONFIRM	psirt.global.sonicwall.com
20221028 Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022	CISCO	tools.cisco.com
OpenSSL: Multiple Vulnerabilities (GLSA 202211-01) — Gentoo security	GENTOO	security.gentoo.org
VU#794340 - OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly	CERT-VN	www.kb.cert.org
oss-security - Re: Fwd: Node.js security updates for all active release lines, November 2022	MLIST	www.openwall.com
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
[SECURITY] Fedora 37 Update: openssl-3.0.5-3.fc37 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
OpenSSL Security Advisory 20221101 ≈ Packet Storm	MISC	packetstormsecurity.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
git.openssl.org Git	MISC	git.openssl.org
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
November 2022 OpenSSL Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MISC	www.openwall.com
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MISC	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
[SECURITY] Fedora 36 Update: openssl-3.0.5-2.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
[SECURITY] Fedora 37 Update: openssl-3.0.5-3.fc37 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MISC	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
oss-security - Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)	MLIST	www.openwall.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

160191 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-7288)
160192 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-9968)
160258 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-10004)
184506 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2022-3786)
199012 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
199113 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
199114 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
199115 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
199116 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
199117 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5710-1)
240798 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:7288)
283270 Fedora Security Update for Open Secure Sockets Layer (OpenSSL) (FEDORA-2022-502f096dce)
283442 Fedora Security Update for Open Secure Sockets Layer (OpenSSL) (FEDORA-2022-0f1d2e0537)
296086 Oracle Solaris 11.4 Support Repository Update (SRU) 51.132.1 Missing (CPUOCT2022)
296098 Oracle Solaris 11.4 Support Repository Update (SRU) 52.132.2 Missing (CPUOCT2022)
330128 IBM AIX Multiple Vulnerabilities in Open Secure Sockets Layer (OpenSSL) (openssl_advisory37)
354102 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2022-2022-157
354404 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2022-2022-157
355250 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2023-2023-051
355273 Amazon Linux Security Advisory for nodejs : ALAS2023-2023-084
377733 Open Secure Sockets Layer (OpenSSL) Less Than 3.0.7 Buffer Overflow Vulnerability (Scan Utility)
377881 Node.js Multiple Vulnerabilities (November 2022)
377934 Node.js Multiple Vulnerabilities (November 2022)
38879 Open Secure Sockets Layer (OpenSSL) Less Than 3.0.7 Buffer Overflow Vulnerability
43945 FortiOS - Unauthorized Command Execution Vulnerability (FG-IR-22-419)
502587 Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)
502747 Alpine Linux Security Update for nodejs
502755 Alpine Linux Security Update for openssl
503688 Alpine Linux Security Update for openssl3
520001 Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (CVE-2022-3602, CVE-2022-3786)
591335 Hitachi Energy PCU400 Reliance on Uncontrolled Component Multiple Vulnerabilities (ICSA-23-019-01, 8DBD 000137)
690972 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (0844671c-5a09-11ed-856e-d4c9ef517024)
710678 Gentoo Linux Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (GLSA 202211-01)
752752 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL-3) (SUSE-SU-2022:3843-1)
753024 SUSE Enterprise Linux Security Update for openssl-3 (SUSE-SU-2022:4586-1)
940723 AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2022:7288)
960515 Rocky Linux Security Update for Open Secure Sockets Layer (OpenSSL) (RLSA-2022:7288)