OpenSSL.X509.Punycode.Buffer.Overflow

description-logoDescription

This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in OpenSSL Project OpenSSL.
The vulnerability is due to improper validation when handling punycode encoding. A remote attacker could exploit the vulnerability by sending a crafted certificate. Successful exploitation could result in a denial of service condition or remote code execution on the affected system.

description-logoOutbreak Alert

An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack in X.509 certificate verification, specifically, in name constraint checking. This buffer overflow could result in a crash which can cause a denial of service or potentially a remote code execution.

View the full Outbreak Alert Report

affected-products-logoAffected Products

OpenSSL Project OpenSSL 3.0.0
OpenSSL Project OpenSSL 3.0.1
OpenSSL Project OpenSSL 3.0.2
OpenSSL Project OpenSSL 3.0.3
OpenSSL Project OpenSSL 3.0.4
OpenSSL Project OpenSSL 3.0.5
OpenSSL Project OpenSSL 3.0.6
OpenSSL Project OpenSSL prior to 3.0.7

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.openssl.org/news/secadv/20221101.txt

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-10-24 25.663 Sig Added
2022-11-15 22.440 Sig Added
2022-11-04 22.432