As per upstream report: A buffer overrun can be triggered by sending an X.509 certificate with a specially crafted email address field to a vulnerable client or server. This can result in an overflow of four attacker-controlled bytes on the stack. This could result in a crash (causing a denial of service) or possibly result in remote code execution. The most common situation where this can be triggered is when a server requests client authentication after a malicious client connects. The converse of a client connecting to a malicious server is also believed to be vulnerable in the same manner. OpenSSL versions 3.0.0 to 3.0.6 are vulnerable to this attack. OpenSSL 3.0 users should upgrade to OpenSSL 3.0.7. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
Created openssl tracking bugs for this issue: Affects: fedora-all [bug 2139149] Created openssl3 tracking bugs for this issue: Affects: epel-all [bug 2139150]
The flaw is Public Now, Lifting Embargoed. https://www.openssl.org/news/secadv/20221101.txt
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:7288 https://access.redhat.com/errata/RHSA-2022:7288
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:7384 https://access.redhat.com/errata/RHSA-2022:7384