What is CVE-2022-4203?

CVE-2022-4203 is a vulnerability in OpenSSL that allows a read buffer overrun in X.509 certificate verification.

How does CVE-2022-4203 occur?

CVE-2022-4203 occurs during name constraint checking in X.509 certificate verification.

What is the severity of CVE-2022-4203?

The severity of CVE-2022-4203 is medium with a severity value of 4.9.

Which versions of OpenSSL are affected by CVE-2022-4203?

OpenSSL versions 3.0.0 to 3.0.8 are affected by CVE-2022-4203.

How can I fix CVE-2022-4203?

To fix CVE-2022-4203, update OpenSSL to version 3.0.1-47.el9_1 or higher.

Vulnerability/
CVE-2022-4203

critical

9.1

CWE

119 125

25/1/2023

7/2/2023

8/2/2023

24/2/2023

5/2/2024

CVE-2022-4203: X.509 Name Constraints Read Buffer Overflow

First published: Wed Jan 25 2023(Updated: )

A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer.

Credit: openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org

Affected Software	Affected Version	How to fix
redhat/openssl	<1:3.0.1-47.el9_1	1:3.0.1-47.el9_1
redhat/openssl	<1:3.0.1-46.el9_0	1:3.0.1-46.el9_0
OpenSSL OpenSSL	>=3.0.0<3.0.8
ubuntu/openssl	<3.0.2-0ubuntu1.8	3.0.2-0ubuntu1.8
ubuntu/openssl	<3.0.5-2ubuntu2.1	3.0.5-2ubuntu2.1
ubuntu/openssl	<3.0.8	3.0.8
ubuntu/openssl	<3.0.8-1ubuntu1	3.0.8-1ubuntu1
ubuntu/openssl	<3.0.8-1ubuntu1	3.0.8-1ubuntu1
debian/openssl		1.1.1n-0+deb10u3 1.1.1n-0+deb10u6 1.1.1w-0+deb11u1 1.1.1n-0+deb11u5 3.0.11-1~deb12u2 3.1.4-2 3.1.5-1
rust/openssl-src	>=300.0.0<300.0.12	300.0.12

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2022-4203?
CVE-2022-4203 is a vulnerability in OpenSSL that allows a read buffer overrun in X.509 certificate verification.
How does CVE-2022-4203 occur?
CVE-2022-4203 occurs during name constraint checking in X.509 certificate verification.
What is the severity of CVE-2022-4203?
The severity of CVE-2022-4203 is medium with a severity value of 4.9.
Which versions of OpenSSL are affected by CVE-2022-4203?
OpenSSL versions 3.0.0 to 3.0.8 are affected by CVE-2022-4203.
How can I fix CVE-2022-4203?
To fix CVE-2022-4203, update OpenSSL to version 3.0.1-47.el9_1 or higher.

collector/redhat-cve
collector/nvd-index
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-4203
agent/remedy
collector/usn-cve
source/Ubuntu
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/title
agent/weakness
collector/nvd-api
source/NVD
agent/author
collector/security-tracker-debian
source/Debian
collector/nvd-cve
collector/github-advisory-latest
source/GitHub
alias/GHSA-w67w-mw4j-8qrv
agent/last-modified-date
agent/severity
agent/references
agent/softwarecombine
agent/tags
agent/description
agent/event
collector/github-advisory
package-manager/redhat
vendor/openssl
canonical/openssl openssl
version/openssl openssl/3.0.0
package-manager/ubuntu
package-manager/debian
package-manager/rust