Bug 2137723 (CVE-2022-3602) - CVE-2022-3602 OpenSSL: X.509 Email Address Buffer Overflow
Summary: CVE-2022-3602 OpenSSL: X.509 Email Address Buffer Overflow
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-3602
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2137727 2137728 2137729 2137730 2139149 2139150
Blocks: 2137628
TreeView+ depends on / blocked
 
Reported: 2022-10-26 02:05 UTC by Huzaifa S. Sidhpurwala
Modified: 2022-11-10 11:13 UTC (History)
82 users (show)

Fixed In Version: openssl 3.0.7
Doc Type: If docs needed, set a value
Doc Text:
A stack-based buffer overflow was found in the way OpenSSL processes X.509 certificates with a specially crafted email address field. This issue could cause a server or a client application compiled with OpenSSL to crash when trying to process the malicious certificate.
Clone Of:
Environment:
Last Closed: 2022-11-10 11:13:23 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:7426 0 None None None 2022-11-03 17:58:07 UTC
Red Hat Product Errata RHBA-2022:7429 0 None None None 2022-11-04 17:26:33 UTC
Red Hat Product Errata RHSA-2022:7288 0 None None None 2022-11-01 18:36:08 UTC
Red Hat Product Errata RHSA-2022:7384 0 None None None 2022-11-02 18:48:56 UTC

Description Huzaifa S. Sidhpurwala 2022-10-26 02:05:41 UTC 
As per upstream report:

A buffer overrun can be triggered by sending an X.509 certificate with a specially crafted email address field to a vulnerable client or server. This can result in an overflow of four attacker-controlled bytes on the stack. This could result in a crash (causing a denial of service) or possibly result in remote code execution.

The most common situation where this can be triggered is when a server requests client authentication after a malicious client connects. The converse of a client connecting to a malicious server is also believed to be vulnerable in the same manner.

OpenSSL versions 3.0.0 to 3.0.6 are vulnerable to this attack.

OpenSSL 3.0 users should upgrade to OpenSSL 3.0.7.

OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
Comment 7 Sandipan Roy 2022-11-01 16:12:04 UTC 
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 2139149]


Created openssl3 tracking bugs for this issue:

Affects: epel-all [bug 2139150]
Comment 8 Sandipan Roy 2022-11-01 16:12:19 UTC 
The flaw is Public Now, Lifting Embargoed.
https://www.openssl.org/news/secadv/20221101.txt
Comment 9 errata-xmlrpc 2022-11-01 18:36:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:7288 https://access.redhat.com/errata/RHSA-2022:7288
Comment 11 errata-xmlrpc 2022-11-02 18:48:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:7384 https://access.redhat.com/errata/RHSA-2022:7384
Note You need to log in before you can comment on or make changes to this bug.