CVE-2022-3602: OpenSSL3 CVE-2022-3602 CVE-2022-3786 vulnerabilities
First published: Fri Oct 28 2022(Updated: )
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.
Credit: openssl-security@openssl.org openssl-security@openssl.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| rust/openssl-src | >=300.0.0<300.0.11 | 300.0.11 |
| OpenSSL OpenSSL | >=3.0.0<3.0.7 | |
| Fedoraproject Fedora | =36 | |
| Fedoraproject Fedora | =37 | |
| NetApp Clustered Data ONTAP | ||
| Fedoraproject Fedora | =26 | |
| Fedoraproject Fedora | =27 | |
| Nodejs Node.js | >=18.0.0<18.11.0 | |
| Nodejs Node.js | =18.12.0 | |
| Nodejs Node.js | =19.0.0 | |
| IBM Security Verify Privilege On-Premises | <=All |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/rustsec/advisory-db/pull/1452
- https://github.com/alexcrichton/openssl-src-rs/commit/4a31c14f31e1a08c18893a37e304dd1dd4b7daa3
- https://rustsec.org/advisories/RUSTSEC-2022-0064.html
- https://www.openssl.org/news/secadv/20221101.txt
- https://github.com/openssl/openssl/commit/fe3b639dc19b325846f4f6801f2f4604f56e3de3
- https://nvd.nist.gov/vuln/detail/CVE-2022-3602
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fe3b639dc19b325846f4f6801f2f4604f56e3de3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023
- https://security.gentoo.org/glsa/202211-01
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a
- http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html
- http://www.openwall.com/lists/oss-security/2022/11/01/15
- http://www.openwall.com/lists/oss-security/2022/11/01/16
- http://www.openwall.com/lists/oss-security/2022/11/01/17
- http://www.openwall.com/lists/oss-security/2022/11/01/18
- http://www.openwall.com/lists/oss-security/2022/11/01/19
- http://www.openwall.com/lists/oss-security/2022/11/01/20
- http://www.openwall.com/lists/oss-security/2022/11/01/21
- http://www.openwall.com/lists/oss-security/2022/11/01/24
- http://www.openwall.com/lists/oss-security/2022/11/02/1
- http://www.openwall.com/lists/oss-security/2022/11/02/10
- http://www.openwall.com/lists/oss-security/2022/11/02/11
- http://www.openwall.com/lists/oss-security/2022/11/02/12
- http://www.openwall.com/lists/oss-security/2022/11/02/2
- http://www.openwall.com/lists/oss-security/2022/11/02/3
- http://www.openwall.com/lists/oss-security/2022/11/02/5
- http://www.openwall.com/lists/oss-security/2022/11/02/6
- http://www.openwall.com/lists/oss-security/2022/11/02/7
- http://www.openwall.com/lists/oss-security/2022/11/02/9
- https://security.netapp.com/advisory/ntap-20221102-0001/
- https://www.kb.cert.org/vuls/id/794340
- http://www.openwall.com/lists/oss-security/2022/11/02/13
- http://www.openwall.com/lists/oss-security/2022/11/02/14
- http://www.openwall.com/lists/oss-security/2022/11/02/15
- http://www.openwall.com/lists/oss-security/2022/11/03/1
- http://www.openwall.com/lists/oss-security/2022/11/03/2
- http://www.openwall.com/lists/oss-security/2022/11/03/3
- http://www.openwall.com/lists/oss-security/2022/11/03/5
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/
- http://www.openwall.com/lists/oss-security/2022/11/03/10
- http://www.openwall.com/lists/oss-security/2022/11/03/11
- http://www.openwall.com/lists/oss-security/2022/11/03/6
- http://www.openwall.com/lists/oss-security/2022/11/03/7
- http://www.openwall.com/lists/oss-security/2022/11/03/9
- https://github.com/advisories/GHSA-8rwr-x37p-mx23 (Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/239161
- https://www.ibm.com/support/pages/node/7047202 (Advisory)
- https://www.fortiguard.com/psirt/cvrf/FG-IR-22-419
- https://www.fortiguard.com/psirt/FG-IR-22-419
Frequently Asked Questions
What is the severity of CVE-2022-3602?
The severity of CVE-2022-3602 is critical with a CVSS score of 9.8.
Which software is affected by CVE-2022-3602?
CVE-2022-3602 affects the rust/openssl-src package with versions between 300.0.0 and 300.0.11.
How can CVE-2022-3602 be exploited?
CVE-2022-3602 can be exploited by triggering a buffer overrun in X.509 certificate verification during name constraint checking.
What is the Common Weakness Enumeration (CWE) ID for CVE-2022-3602?
CVE-2022-3602 has a Common Weakness Enumeration (CWE) ID of 119, 120, and 787.
Where can I find more information about CVE-2022-3602?
More information about CVE-2022-3602 can be found in the following references: [GitHub Advisory](https://github.com/rustsec/advisory-db/pull/1452), [Commit on GitHub](https://github.com/alexcrichton/openssl-src-rs/commit/4a31c14f31e1a08c18893a37e304dd1dd4b7daa3), [RustSec Advisory](https://rustsec.org/advisories/RUSTSEC-2022-0064.html).
- collector/github-advisory-latest
- alias/GHSA-8rwr-x37p-mx23
- alias/CVE-2022-3602
- collector/github-advisory
- collector/nvd-index
- collector/nvd-cve
- agent/author
- agent/type
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/fortiguard-psirt-latest
- source/FortiGuard
- alias/CVE-2022-3786
- agent/first-publish-date
- collector/fortiguard-psirt
- agent/severity
- agent/title
- agent/references
- agent/tags
- agent/event
- agent/description
- agent/trending
- package-manager/rust
- vendor/openssl
- canonical/openssl openssl
- version/openssl openssl/3.0.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/36
- version/fedoraproject fedora/37
- vendor/netapp
- canonical/netapp clustered data ontap
- version/fedoraproject fedora/26
- version/fedoraproject fedora/27
- vendor/nodejs
- canonical/nodejs node.js
- version/nodejs node.js/18.0.0
- version/nodejs node.js/18.12.0
- version/nodejs node.js/19.0.0
- vendor/ibm
- canonical/ibm security verify privilege on-premises
- version/ibm security verify privilege on-premises/all