CVE-2022-4203

EUVD-2023-0809
A read buffer overrun can be triggered in X.509 certificate verification,
specifically in name constraint checking. Note that this occurs
after certificate chain signature verification and requires either a
CA to have signed the malicious certificate or for the application to
continue certificate verification despite failure to construct a path
to a trusted issuer.

The read buffer overrun might result in a crash which could lead to
a denial of service attack. In theory it could also result in the disclosure
of private memory contents (such as private keys, or sensitive plaintext)
although we are not aware of any working exploit leading to memory
contents disclosure as of the time of release of this advisory.

In a TLS client, this can be triggered by connecting to a malicious
server. In a TLS server, this can be triggered if the server requests
client authentication and a malicious client connects.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
opensslopenssl
3.0.0 ≤
𝑥
< 3.0.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssl
bookworm
3.0.14-1~deb12u1
fixed
bookworm (security)
3.0.14-1~deb12u2
fixed
bullseye
1.1.1w-0+deb11u1
not-affected
bullseye (security)
1.1.1w-0+deb11u2
fixed
buster
not-affected
sid
3.3.2-2
fixed
trixie
3.3.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
edk2
bionic
not-affected
focal
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
trusty
ignored
xenial
not-affected
nodejs
bionic
not-affected
focal
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
trusty
not-affected
xenial
not-affected
openssl
bionic
not-affected
focal
not-affected
jammy
Fixed 3.0.2-0ubuntu1.8
released
kinetic
Fixed 3.0.5-2ubuntu2.1
released
lunar
Fixed 3.0.8-1ubuntu1
released
mantic
Fixed 3.0.8-1ubuntu1
released
trusty
not-affected
xenial
not-affected
openssl1.0
bionic
not-affected
focal
dne
jammy
dne
kinetic
dne
trusty
dne
xenial
dne
Common Weakness Enumeration
References
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc
https://security.gentoo.org/glsa/202402-08
https://www.openssl.org/news/secadv/20230207.txt
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
https://security.gentoo.org/glsa/202402-08
https://www.openssl.org/news/secadv/20230207.txt