CVE-2022-3786: X.509 Email Address Variable Length Buffer Overflow

First published: Tue Nov 01 2022(Updated: )

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

Credit: openssl-security@openssl.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/references
• agent/type
• agent/softwarecombine
• agent/weakness
• agent/severity
• agent/author
• agent/remedy
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/title
• agent/description
• agent/first-publish-date
• agent/event
• agent/tags
• collector/ibm-support
• source/IBM
• agent/software-canonical-lookup
• vendor/openssl
• canonical/openssl openssl
• version/openssl openssl/3.0.0
• vendor/fedoraproject
• canonical/fedoraproject fedora
• version/fedoraproject fedora/36
• version/fedoraproject fedora/37
• vendor/nodejs
• canonical/nodejs node.js
• version/nodejs node.js/18.0.0
• version/nodejs node.js/18.12.0
• version/nodejs node.js/19.0.0
• vendor/ibm
• canonical/ibm security verify privilege on-premises
• version/ibm security verify privilege on-premises/all