Vulnerabilities
By Date By Type Known Exploited Assigners CVSS Scores EPSS Scores Search
Vulnerable Software
Vendors Products Version Search
Metasploit Modules CWE Definitions
Articles Blog

Vulnerability Details : CVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.
Vulnerability category: OverflowDenial of service
Published 2022-11-01 18:15:11
Updated 2023-01-19 15:47:45
Source OpenSSL Software Foundation
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-3786

Probability of exploitation activity in the next 30 days: 0.17%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 54 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-3786

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Source
7.5
 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.9
3.6
 [email protected]

CWE ids for CVE-2022-3786

References for CVE-2022-3786

Products affected by CVE-2022-3786

This web site uses cookies for managing your session and website analytics (Google analytics) purposes as described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close