Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ubuntu-cve-2022-3602
Vulnerability from osv_ubuntu
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libssl3",
"binary_version": "3.0.2-0ubuntu1.7"
},
{
"binary_name": "openssl",
"binary_version": "3.0.2-0ubuntu1.7"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "openssl",
"purl": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.7?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.2-0ubuntu1.7"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.1.1l-1ubuntu1",
"3.0.0-1ubuntu1",
"3.0.1-0ubuntu1",
"3.0.2-0ubuntu1",
"3.0.2-0ubuntu1.1",
"3.0.2-0ubuntu1.2",
"3.0.2-0ubuntu1.4",
"3.0.2-0ubuntu1.5",
"3.0.2-0ubuntu1.6"
]
}
],
"aliases": [],
"details": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).",
"id": "UBUNTU-CVE-2022-3602",
"modified": "2026-04-22T07:41:21Z",
"published": "2022-11-01T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-3602"
},
{
"type": "REPORT",
"url": "https://www.openssl.org/news/secadv/20221101.txt"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5710-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
}
],
"related": [
"USN-5710-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2022-3602"
]
}
CVE-2022-3602 (GCVE-0-2022-3602)
Vulnerability from cvelistv5 – Published: 2022-11-01 00:00 – Updated: 2026-04-14 08:58- Buffer overflow
- CWE-787 - Out-of-bounds Write
| Vendor | Product | Version | |
|---|---|---|---|
| OpenSSL | OpenSSL |
Affected:
Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6)
|
|
| Siemens | Calibre ICE |
Affected:
V2022.4 , < V2023.1
(custom)
|
|
| Siemens | Mcenter |
Affected:
V5.2.1 , < V5.3.0
(custom)
|
|
| Siemens | SCALANCE X204RNA (HSR) |
Affected:
V3.2.7 , < V3.2.8
(custom)
|
|
| Siemens | SCALANCE X204RNA (PRP) |
Affected:
V3.2.7 , < V3.2.8
(custom)
|
|
| Siemens | SCALANCE X204RNA EEC (HSR) |
Affected:
V3.2.7 , < V3.2.8
(custom)
|
|
| Siemens | SCALANCE X204RNA EEC (PRP) |
Affected:
V3.2.7 , < V3.2.8
(custom)
|
|
| Siemens | SCALANCE X204RNA EEC (PRP/HSR) |
Affected:
V3.2.7 , < V3.2.8
(custom)
|
|
| Siemens | SICAM GridPass |
Affected:
V1.80 , < V2.20
(custom)
|
|
| Siemens | SIMATIC RTLS Locating Manager |
Affected:
V2.13.0.0 , < V2.13.0.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:13:04.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20221101.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3"
},
{
"name": "[oss-security] 20221101 OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/15"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/16"
},
{
"name": "20221028 Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/21"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/19"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/18"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/20"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/24"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/17"
},
{
"name": "GLSA-202211-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202211-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023"
},
{
"name": "VU#794340",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/794340"
},
{
"name": "FEDORA-2022-0f1d2e0537",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/"
},
{
"name": "FEDORA-2022-502f096dce",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/2"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/6"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/5"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/1"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/3"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/7"
},
{
"name": "[oss-security] 20221102 Re: Fwd: Node.js security updates for all active release lines, November 2022",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/10"
},
{
"name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html"
},
{
"name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/12"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/11"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/15"
},
{
"name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/14"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/13"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221102-0001/"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/1"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/2"
},
{
"name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/3"
},
{
"name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/5"
},
{
"name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/7"
},
{
"name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/6"
},
{
"name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/9"
},
{
"name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/10"
},
{
"name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/11"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00789.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:26:56.588972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:12:48.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "Calibre ICE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2023.1",
"status": "affected",
"version": "V2022.4",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mcenter",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.3.0",
"status": "affected",
"version": "V5.2.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204RNA (HSR)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2.8",
"status": "affected",
"version": "V3.2.7",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204RNA (PRP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2.8",
"status": "affected",
"version": "V3.2.7",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204RNA EEC (HSR)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2.8",
"status": "affected",
"version": "V3.2.7",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204RNA EEC (PRP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2.8",
"status": "affected",
"version": "V3.2.7",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204RNA EEC (PRP/HSR)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2.8",
"status": "affected",
"version": "V3.2.7",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM GridPass",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.20",
"status": "affected",
"version": "V1.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RTLS Locating Manager",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.13.0.3",
"status": "affected",
"version": "V2.13.0.0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T08:58:02.339Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-408105.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Polar Bear"
}
],
"datePublic": "2022-11-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6)."
}
],
"metrics": [
{
"other": {
"content": {
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#HIGH",
"value": "HIGH"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-03T00:00:00.000Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"url": "https://www.openssl.org/news/secadv/20221101.txt"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3"
},
{
"name": "[oss-security] 20221101 OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/15"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/16"
},
{
"name": "20221028 Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/21"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/19"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/18"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/20"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/24"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/17"
},
{
"name": "GLSA-202211-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202211-01"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023"
},
{
"name": "VU#794340",
"tags": [
"third-party-advisory"
],
"url": "https://www.kb.cert.org/vuls/id/794340"
},
{
"name": "FEDORA-2022-0f1d2e0537",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/"
},
{
"name": "FEDORA-2022-502f096dce",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/2"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/6"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/5"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/1"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/3"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/7"
},
{
"name": "[oss-security] 20221102 Re: Fwd: Node.js security updates for all active release lines, November 2022",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/10"
},
{
"name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/9"
},
{
"url": "http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html"
},
{
"name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/12"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/11"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/15"
},
{
"name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/14"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/13"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221102-0001/"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/1"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/2"
},
{
"name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/3"
},
{
"name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/5"
},
{
"name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/7"
},
{
"name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/6"
},
{
"name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/9"
},
{
"name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/10"
},
{
"name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/11"
}
],
"title": "X.509 Email Address 4-byte Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2022-3602",
"datePublished": "2022-11-01T00:00:00.000Z",
"dateReserved": "2022-10-19T00:00:00.000Z",
"dateUpdated": "2026-04-14T08:58:02.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
usn-5710-1
Vulnerability from osv_ubuntu
It was discovered that OpenSSL incorrectly handled certain X.509 Email Addresses. If a certificate authority were tricked into signing a specially-crafted certificate, a remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. The default compiler options for affected releases reduce the vulnerability to a denial of service. (CVE-2022-3602, CVE-2022-3786)
It was discovered that OpenSSL incorrectly handled applications creating custom ciphers via the legacy EVP_CIPHER_meth_new() function. This issue could cause certain applications that mishandled values to the function to possibly end up with a NULL cipher and messages in plaintext. (CVE-2022-3358)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2022-3358",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-3602",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-3786",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libssl3",
"binary_version": "3.0.2-0ubuntu1.7"
},
{
"binary_name": "openssl",
"binary_version": "3.0.2-0ubuntu1.7"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "openssl",
"purl": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.7?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.2-0ubuntu1.7"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.1.1l-1ubuntu1",
"3.0.0-1ubuntu1",
"3.0.1-0ubuntu1",
"3.0.2-0ubuntu1",
"3.0.2-0ubuntu1.1",
"3.0.2-0ubuntu1.2",
"3.0.2-0ubuntu1.4",
"3.0.2-0ubuntu1.5",
"3.0.2-0ubuntu1.6"
]
}
],
"aliases": [],
"details": "It was discovered that OpenSSL incorrectly handled certain X.509 Email\nAddresses. If a certificate authority were tricked into signing a\nspecially-crafted certificate, a remote attacker could possibly use this\nissue to cause OpenSSL to crash, resulting in a denial of service. The\ndefault compiler options for affected releases reduce the vulnerability to\na denial of service. (CVE-2022-3602, CVE-2022-3786)\n\nIt was discovered that OpenSSL incorrectly handled applications creating\ncustom ciphers via the legacy EVP_CIPHER_meth_new() function. This issue\ncould cause certain applications that mishandled values to the function to\npossibly end up with a NULL cipher and messages in plaintext.\n(CVE-2022-3358)\n",
"id": "USN-5710-1",
"modified": "2026-04-27T14:11:29Z",
"published": "2022-11-01T16:24:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5710-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-3358"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-3602"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-3786"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "openssl vulnerabilities",
"upstream": [
"UBUNTU-CVE-2022-3358",
"UBUNTU-CVE-2022-3602",
"UBUNTU-CVE-2022-3786"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.