admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-11-04 12:00:34 +00:00
parent a8cbd18884
commit edf54f697e
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
1 changed files with 11 additions and 194 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

205
2022/3xxx/CVE-2022-3786.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6)."
"value": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects."
}
]
},
@ -39,7 +39,7 @@
"version": {
"version_data": [
{
"version_value": "Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6)",
"version_value": "3.0.0",
"version_affected": "="
}
]
@ -59,202 +59,19 @@
"name": "https://www.openssl.org/news/secadv/20221101.txt"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/15",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/01/15"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/16",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/01/16"
},
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a",
"refsource": "MISC",
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/21",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/01/21"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/19",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/01/19"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/18",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/01/18"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/20",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/01/20"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/24",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/01/24"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/17",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/01/17"
},
{
"url": "https://security.gentoo.org/glsa/202211-01",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202211-01"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023",
"refsource": "MISC",
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023"
},
{
"url": "https://www.kb.cert.org/vuls/id/794340",
"refsource": "MISC",
"name": "https://www.kb.cert.org/vuls/id/794340"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/02/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/02/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/02/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/02/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/02/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/02/7"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/10",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/02/10"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/9",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/02/9"
},
{
"url": "http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/12",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/02/12"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/11",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/02/11"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/15",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/02/15"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/14",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/02/14"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/13",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/02/13"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221102-0001/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20221102-0001/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/03/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/03/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/03/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/03/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/03/7"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/03/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/9",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/03/9"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/10",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/03/10"
},
{
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/11",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2022/11/03/11"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=c42165b5706e42f67ef8ef4c351a9a4c5d21639a",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=c42165b5706e42f67ef8ef4c351a9a4c5d21639a"
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev",
"importer": "vulnxml2json5.py 2022-11-04 07:19:07.034873"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",