CVSSv3: 7.5

CVE-2022-3996

Published: 13/12/2022 Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the `-policy` argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()` function. Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.

Vulnerable Products

openssl (vendor: openssl)

Vendor Advisories

Debian Bug report logs - #1027102 openssl: CVE-2022-3996: X509 Policy Constraints Double Locking. Package: src:openssl; Maintainer for src:openssl is Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 27 Dec 2022 20:09:01 UTC; Severity: imp ...
Description: The MITRE CVE dictionary describes this issue as: If an X509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being ...
PAN-SA-2022-0007 Impact of OpenSSL 3.0 Vulnerability CVE-2022-3996 ...

Github Repositories

Falcon Image Vulnerability Analysis (IVAN) is a command-line image assessment tool.

Overview: Falcon Image Vulnerability Analysis (IVAN) is a command-line image assessment tool. It works by creating an inventory of packages on an image and then sending the package metadata to the CrowdStrike cloud for assessment. IVAN results are returned as a JSON report in the terminal. IVAN differs from other methods of image assessment because only the image metadata is upl