OpenSSL CVE-2022-3602 Out of Bounds Write Vulnerability

Description

Buffer overflow in X.509 name constraint checking during certificate verification can cause denial of service or remote code execution in OpenSSL 3.0.0-3.0.6.

Outbreak Alert

An attacker can craft a malicious email address that overflows four attacker-controlled bytes on the stack during X.509 certificate verification, specifically in name constraint checking. This buffer overflow could result in a crash, causing a denial of service, or potentially in remote code execution.


Affected Applications

OpenSSL
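
The description above gives the affected range as OpenSSL 3.0.0-3.0.6. The following triage check is an added example, not part of the original advisory or of OpenSSL; it classifies version lines collected from hosts against that range, and the host names and sample lines are constructed.

```python
import re

# Affected range as stated in the advisory: OpenSSL 3.0.0 through 3.0.6.
AFFECTED_MIN, AFFECTED_MAX = (3, 0, 0), (3, 0, 6)

# Version token as it appears in `openssl version` output ("OpenSSL 3.0.5 ...")
# or in a server banner ("OpenSSL/3.0.5"). Letter suffixes (1.1.1q) and
# pre-release tags (3.0.0-beta2) are captured separately.
_VERSION_RE = re.compile(
    r"OpenSSL[ /](\d+)\.(\d+)\.(\d+)([a-z]*)(?:-([0-9A-Za-z.]+))?")

def parse_openssl_version(text):
    """Return ((major, minor, patch), prerelease_tag), or None if absent."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(5) or ""

def classify(text):
    """Return 'affected', 'not-affected', 'review' or 'unknown' for one line."""
    parsed = parse_openssl_version(text)
    if parsed is None:
        return "unknown"  # no OpenSSL version string to judge
    version, prerelease = parsed
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "not-affected"
    # The advisory lists releases only; a pre-release build inside the range
    # needs a manual look rather than an automatic verdict.
    return "review" if prerelease else "affected"

# Constructed sample inventory: (hypothetical host name, reported version line).
SAMPLE_INVENTORY = [
    ("web01", "OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)"),
    ("web02", "OpenSSL 1.1.1q  5 Jul 2022"),
    ("app01", "OpenSSL 3.0.7 1 Nov 2022"),
    ("app02", "Apache/2.4.54 (Unix) OpenSSL/3.0.0"),
    ("lab01", "OpenSSL 3.0.0-beta2 29 Jul 2021"),
    ("old01", "LibreSSL 3.5.3"),
]

def scan(inventory):
    """Map each host to its classification."""
    return {host: classify(line) for host, line in inventory}

if __name__ == "__main__":
    for host, status in scan(SAMPLE_INVENTORY).items():
        print(f"{host:6} {status}")
```

An "affected" result is a triage signal only: distribution packages can carry a backported fix without changing the upstream version string, so confirm against the vendor's package advisory.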

Version Updates

Date        Version  Status  Detail
2022-11-04  1.00353  New     OpenSSL