CVE-2022-3786

HIGH LAB

Openssl < 3.0.7 - Buffer Overflow

Title source: rule

Description

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

Exploits (2)

github WORKING POC 17 stars
by rbowes-r7 · cpoc
https://github.com/rbowes-r7/cve-2022-3602-and-cve-2022-3786-openssl-poc/tree/main/cve-2022-3786-periods.c
nomisec WORKING POC 5 stars
by WhatTheFuzz · poc
https://github.com/WhatTheFuzz/openssl-fuzz

References (5)

Scores

CVSS v3 7.5
EPSS 0.2662
EPSS Percentile 96.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Lab Environment

COMMUNITY
Community Lab
docker pull aflplusplus/aflplusplus

Details

CWE
CWE-120
Status published
Products (8)
crates.io/openssl-src 300.0.0 - 300.0.11crates.io
fedoraproject/fedora 36
fedoraproject/fedora 37
nodejs/node.js 18.12.0
nodejs/node.js 19.0.0
nodejs/node.js 18.0.0 - 18.11.0
openssl/openssl 3.0.0 - 3.0.7
OpenSSL/OpenSSL 3.0.0 - 3.0.7
Published Nov 01, 2022
Tracked Since Feb 18, 2026