Security Advisory for OpenSSL Vulnerabilities CVE-2022-3602 & CVE-2022-3786
Security Boulevard securityboulevard.com
Background
On 01-Nov-2022, OpenSSL published an advisory about two high-severity security flaws: CVE-2022-3786 (“X.509 Email Address Variable Length Buffer Overflow”) and CVE-2022-3602 (“X.509 Email Address 4-byte Buffer Overflow”). These vulnerabilities affect OpenSSL versions 3.0.0 and later and have been addressed in OpenSSL 3.0.7.
What is the issue?
The following vulnerability details were published in the OpenSSL security advisory earlier today:
CVE-2022-3786
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. This occurs after …