{"vuid":"VU#794340","idnumber":"794340","name":"OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly","keywords":null,"overview":"### Overview\r\n\r\nTwo buffer overflow vulnerabilities were discovered in OpenSSL versions 3.0.0 through 3.0.6. These vulnerabilities were introduced in version 3.0.0 with the inclusion of support for punycode email address parsing for X.509 certificates.   OpenSSL's assessment of the severity of the vulnerabilities has [reduced from CRITICAL to HIGH](https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/), and OpenSSL 3.0.7 addresses the issues.\r\n\r\n### Description\r\n\r\nTwo buffer overflows have been reported in the OpenSSL 3.0.x branch prior to version 3.0.7 that, when exploited, may lead to denial of services or, in some cases, remote code execution in the vulnerable target environment. OpenSSL client and server implementations that use the vulnerable libraries are affected.  The server implementation also requires that [TLS client authentication](https://www.rfc-editor.org/rfc/rfc4346#appendix-F.1.1) is enabled in order to attack, and potentially exploit, a vulnerable target.   [OpenSSL provides details:](https://gist.github.com/FiloSottile/611fc3fa95c3aceebf2580983f76148c) \r\n\r\n\r\n```\r\n* Fixed two buffer overflows in punycode decoding functions.\r\n\r\n   A buffer overrun can be triggered in X.509 certificate verification,\r\n   specifically in name constraint checking. Note that this occurs after\r\n   certificate chain signature verification and requires either a CA to\r\n   have signed the malicious certificate or for the application to continue\r\n   certificate verification despite failure to construct a path to a trusted\r\n   issuer.\r\n\r\n   In a TLS client, this can be triggered by connecting to a malicious\r\n   server.  In a TLS server, this can be triggered if the server requests\r\n   client authentication and a malicious client connects.\r\n\r\n   An attacker can craft a malicious email address to overflow\r\n   an arbitrary number of bytes containing the `.`  character (decimal 46)\r\n   on the stack.  This buffer overflow could result in a crash (causing a\r\n   denial of service).\r\n   ([CVE-2022-3786])\r\n\r\n   An attacker can craft a malicious email address to overflow four\r\n   attacker-controlled bytes on the stack.  This buffer overflow could\r\n   result in a crash (causing a denial of service) or potentially remote code\r\n   execution depending on stack layout for any given platform/compiler.\r\n   ([CVE-2022-3602])\r\n```\r\n\r\nOpenSSL versions 1.1.1 and 1.0.2 are not affected.\r\n\r\nCERT/CC is unaware of any exploitation of this vulnerability at this time.\r\n\r\n### Impact\r\nSuccessful exploitation could lead to denial of service or remote execution of arbitrary code in the target environment.\r\n\r\n### Solution\r\nAny services depending on versions of OpenSSL 3.0.x prior to OpenSSL 3.0.7 should be upgraded to version 3.0.7 or later.  Operators may also consider temporarily disabling TLS client authentication until applying an update.\r\n\r\n### Acknowledgements\r\nThanks to OpenSSL for coordinating and remediating the vulnerability. Polar Bear is credited as having discovered CVE-2022-3602. Viktor Dukhovni is reported as the source of CVE-2022-3786.\r\n\r\nThis document was written by Kevin Stephens, Eric Hatleback, Vijay Sarvepalli, and Jeffrey S. Havrilla.","clean_desc":null,"impact":null,"resolution":null,"workarounds":null,"sysaffected":null,"thanks":null,"author":null,"public":["https://www.openssl.org/news/secadv/20221101.txt","https://gist.github.com/FiloSottile/611fc3fa95c3aceebf2580983f76148c","https://github.com/NCSC-NL/OpenSSL-2022/tree/main/software","https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/"],"cveids":["CVE-2022-3786","CVE-2022-3602"],"certadvisory":null,"uscerttechnicalalert":null,"datecreated":"2022-11-01T23:01:07.634209Z","publicdate":"2022-11-01T04:00:00Z","datefirstpublished":"2022-11-01T23:01:07.697319Z","dateupdated":"2024-03-08T18:27:32.583144Z","revision":32,"vrda_d1_directreport":null,"vrda_d1_population":null,"vrda_d1_impact":null,"cam_widelyknown":null,"cam_exploitation":null,"cam_internetinfrastructure":null,"cam_population":null,"cam_impact":null,"cam_easeofexploitation":null,"cam_attackeraccessrequired":null,"cam_scorecurrent":null,"cam_scorecurrentwidelyknown":null,"cam_scorecurrentwidelyknownexploited":null,"ipprotocol":null,"cvss_accessvector":null,"cvss_accesscomplexity":null,"cvss_authentication":null,"cvss_confidentialityimpact":null,"cvss_integrityimpact":null,"cvss_availabilityimpact":null,"cvss_exploitablity":null,"cvss_remediationlevel":null,"cvss_reportconfidence":null,"cvss_collateraldamagepotential":null,"cvss_targetdistribution":null,"cvss_securityrequirementscr":null,"cvss_securityrequirementsir":null,"cvss_securityrequirementsar":null,"cvss_basescore":null,"cvss_basevector":null,"cvss_temporalscore":null,"cvss_environmentalscore":null,"cvss_environmentalvector":null,"metric":null,"vulnote":76}