2153239 – (CVE-2022-3996) CVE-2022-3996 openssl: double locking leads to denial of service

Bug 2153239 (CVE-2022-3996) - CVE-2022-3996 openssl: double locking leads to denial of service

Summary: CVE-2022-3996 openssl: double locking leads to denial of service

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2022-3996
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2153028
TreeView+	depends on / blocked

Reported:	2022-12-14 10:45 UTC by Sandipan Roy
Modified:	2022-12-20 03:12 UTC (History)
CC List:	20 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in OpenSSL. This security flaw occurs if an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows), this issue results in a denial of service when the affected process hangs. Policy processing enabled on a publicly-facing server is not considered a standard setup. Policy processing is enabled by passing the `-policy' argument to the command line utilities or by calling either the` X509_VERIFY_PARAM_add0_policy()' or `X509_VERIFY_PARAM_set1_policies()' functions.
Clone Of:
Environment:
Last Closed:	2022-12-15 16:48:33 UTC
Embargoed:

Attachments	(Terms of Use)

Description Sandipan Roy 2022-12-14 10:45:55 UTC

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the `-policy' argument to the command line utilities or by calling either `X509_VERIFY_PARAM_add0_policy()' or `X509_VERIFY_PARAM_set1_policies()' functions.

https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7
https://www.openssl.org/news/secadv/20221213.txt

Comment 1 Product Security DevOps Team 2022-12-15 16:48:31 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-3996

Note You need to log in before you can comment on or make changes to this bug.

berrange
bootloader-eng-team
chorn
cllang
csutherl
dbelyavs
ddepaula
jclere
jferlan
jwon
kraxel
mmadzin
mturk
pbonzini
peholase
pjindal
plodge
rh-spice-bugs
szappis
virt-maint