CVE-2022-3602
HIGH
OpenSSL 3.0.0-3.0.6 - Buffer Overflow in X.509 Certificate Name Constraint Checking
Exploitation Summary
EIP tracks 8 public exploits for CVE-2022-3602. PoCs published by NCSC-NL, colmmacc, rbowes-r7.
Description
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack.

This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler.

Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above has led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible.

In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

Fixed in OpenSSL 3.0.7 (Affected: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6).
Exploits (8)
This repository provides a comprehensive analysis and operational information regarding CVE-2022-3602 and CVE-2022-3786, including vulnerable software lists, detection rules, and references to official advisories. It does not contain exploit code but offers detailed technical context and community-contributed data.
This repository provides a detailed technical analysis of CVE-2022-3602, a punycode buffer overflow in OpenSSL. It explains the vulnerability's root cause, conditions for exploitation, and why it is unlikely to lead to RCE in most scenarios.
This repository contains functional proof-of-concept exploits for CVE-2022-3602 and CVE-2022-3786, both OpenSSL vulnerabilities. The PoCs demonstrate the vulnerabilities by leveraging crafted inputs to trigger buffer overflows and incorrect handling of punycode/periods in domain names.
This repository contains a functional proof-of-concept exploit for CVE-2022-3602, a buffer overflow vulnerability in OpenSSL 3.0 < 3.0.7. The exploit demonstrates a denial-of-service (DoS) condition by sending a crafted certificate to the target server.
This repository contains a detection tool for CVE-2022-3602, which identifies vulnerable OpenSSL versions (3.0.0-3.0.6) and potential exploitation attempts via TLS v1.2. It generates notices for vulnerable servers and exploit attempts, including punycode-based attacks.
This repository contains a Python script that scans for OpenSSL servers vulnerable to CVE-2022-3602 and CVE-2022-3786 by detecting whether client certificate authentication is required. It does not exploit the vulnerabilities but identifies potentially vulnerable systems.
This repository contains a functional proof-of-concept exploit for CVE-2022-3602, demonstrating a buffer overflow vulnerability in OpenSSL's punycode decoding function. The exploit uses a crafted input to trigger the overflow, showcasing the vulnerability in a controlled manner.
This repository contains a scanner for detecting vulnerable OpenSSL versions affected by CVE-2022-3602. It checks for specific OpenSSL DLL versions on Windows and uses osquery for Linux/macOS systems.
References (42)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H