CVE-2022-4203: Out-of-bounds Read in Openssl

CWE-125: Out-of-bounds Read | 15 documents | 8 sources

Severity: 4.9 MEDIUM (NVD)
EPSS: 0.6% (top 30.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 24; Latest update Mar 6

Description

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in t

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.2 | Impact: 3.6

Affected Packages (14 packages)

Debian (debian/openssl): < openssl 3.0.8-1 (bookworm)
NVD (openssl/openssl): 3.0.0 to 3.0.8
Alpine (openssl/openssl): < 3.0.8-r0 (+6)
Debian (openssl/openssl): < 3.0.8-1 (+2)
Ubuntu (openssl/openssl): < 1.1.1-1ubuntu2.1~18.04.21 (+2)

Patches

🔴 Vulnerability Details (6)

OSV: CVE-2022-4203: A read buffer overrun can be triggered in X (2023-02-24)
OSV: CVE-2022-4203: A read buffer overrun can be triggered in X (2023-02-24)
GHSA: openssl-src contains Read Buffer Overflow in X.509 Name Constraint (2023-02-08)
OSV: openssl-src contains Read Buffer Overflow in X.509 Name Constraint (2023-02-08)
OSV: openssl vulnerabilities (2023-02-07)

📋 Vendor Advisories (8)

CISA ICS: Hitachi Energy PCU400 (2025-03-06)
CISA ICS: Siemens SINEC NMS (2024-02-15)
CISA ICS: Siemens SCALANCE Family Products (2023-11-16)
CISA ICS: ICONICS and Mitsubishi Electric Products (2023-08-17)
Palo Alto: PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023 (2023-02-08)
CVE-2022-4203 — Out-of-bounds Read in Openssl | cvebase