cbcvebase.
CVE-2022-3786
published 2022-11-01

CVE-2022-3786: A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain…

PriorityP264high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
91.15%
99.8th percentile
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

Affected

23 ranges
VendorProductVersion rangeFixed in
debianopenssl< openssl 3.0.7-1 (bookworm)openssl 3.0.7-1 (bookworm)
fedoraprojectfedora
fedoraprojectfedora
msrcazure_sdk_for_c
msrcmicrosoft_azure_kubernetes_service
msrcvcpkg
nodejsnode.js
nodejsnode.js
nodejsnode.js>= 18.0.0 < 18.11.018.11.0
opensslopenssl>= 0 < 3.0.7-13.0.7-1
opensslopenssl>= 0 < 3.0.7-13.0.7-1
opensslopenssl>= 0 < 3.0.7-13.0.7-1
opensslopenssl>= 0 < 3.0.2-0ubuntu1.73.0.2-0ubuntu1.7
opensslopenssl>= 3.0.0 < 3.0.73.0.7
paloaltocortex_data
paloaltocortex_xdr
paloaltocortex_xpanse
paloaltocortex_xsoar
paloaltoglobalprotect
paloaltopan-os
paloaltoprisma_access
paloaltoprisma_cloud
paloaltoprisma_sd

Detection & IOCsextracted from sources · hover to see the quote

commandsudo dpkg -S /usr/lib/x86_64-linux-gnu/libssl.so.3
commandrepoquery --all --pkgnarrow=installed --qf="%{NAME} %{VERSION} %{RELEASE}" | grep openssl
commandrpm -qa --queryformat "%{NAME} %{VERSION} %{RELEASE}\n" | grep openssl
commanddpkg-query -W -f="${Package},${Version}\n" | grep openssl
path/usr/lib/x86_64-linux-gnu/libssl.so.3
  • CVE-2022-3786 is exploitable via a malicious X.509 certificate containing a crafted email address in the Subject Alternative Name (SAN) name constraint field; the overflow is triggered during certificate chain verification in the punycode decoder component of libcrypto. Look for TLS handshakes presenting certificates with anomalously long or malformed email-type SAN entries.
  • The vulnerability is located in the punycode decoder component of the OpenSSL libcrypto library, within the X.509 name constraint checking code path. Crash/DoS of a TLS service (unexpected process termination of an OpenSSL 3.0.x process) following a TLS handshake is a strong indicator of exploitation.
  • For TLS servers, exploitation requires the server to be configured for mutual TLS (mTLS / client authentication). Monitor for unexpected crashes of mTLS-enabled services running OpenSSL 3.0.0–3.0.6 after receiving a client certificate.
  • At least one public proof-of-concept (PoC) exploit exists that crashes the vulnerable system (DoS). Monitor threat intel feeds for more capable PoCs enabling RCE.
  • Exploitation occurs after certificate chain signature verification, meaning the attacker must either control a CA-signed certificate or exploit an application that continues verification despite path-building failure. Prioritize internet-facing TLS endpoints running OpenSSL 3.0.0–3.0.6.
  • ·CVE-2022-3786 only affects OpenSSL versions 3.0.0 through 3.0.6; OpenSSL 1.x is NOT affected. The vast majority of deployed OpenSSL instances (98.5% per Wiz data) are unaffected older versions.
  • ·TLS server exploitation requires the server to be explicitly configured to request client authentication (mTLS). Standard TLS servers that do not request client certificates are not directly exploitable via the server-side attack vector.
  • ·Many platforms implement stack overflow protections (e.g., stack canaries, ASLR) which mitigate the risk of RCE; CVE-2022-3786 is primarily a DoS (crash) risk due to the overflow being constrained to '.' (0x2E) bytes only.

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH
vendor_cisco7.5HIGH
vendor_debian7.5HIGH
vendor_msrc7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.