X.509 certificate verification 4-byte buffer overflow
An attacker can craft a malicious email address that overflows four attacker-controlled bytes on the stack during X.509 certificate verification, specifically in name constraint checking. The overflow can crash the process, causing a denial of service, and could potentially lead to remote code execution.
Background
OpenSSL is a full-featured open-source toolkit for the Transport Layer Security (TLS) protocol, formerly known as the Secure Sockets Layer (SSL) protocol. It is widely used by internet servers, including the majority of HTTPS websites. Because of this widespread use, vulnerabilities in OpenSSL are significant and can lead to information leaks. This particular issue was privately reported to OpenSSL on 17th October 2022, and users are encouraged to upgrade to a fixed version as soon as possible.
Latest Development
25 October 2022: OpenSSL pre-announced v3.0.7, a security-fix release addressing the buffer overflow vulnerability, to be released on 1st November 2022. https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
1 November 2022: OpenSSL released a security advisory: https://www.openssl.org/news/secadv/20221101.txt
1 November 2022: The OpenSSL Security Team posted a blog post: https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
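The developments above identify v3.0.7 as the fixed release; the linked OpenSSL advisory states that 3.0.0 through 3.0.6 are the affected versions and that the 1.1.1 and 1.0.2 lines are not affected. The script below is an added example (not FortiGuard's or OpenSSL's code) that parses the output of `openssl version` and classifies a host against that range, so an inventory of build hosts or container images can be triaged quickly. The sample version strings in it are constructed; the `local_openssl_status` helper is an assumed convenience that runs the real `openssl` binary if present.

```python
import re
import subprocess

# Affected range per the OpenSSL advisory linked above: 3.0.0 up to and
# including 3.0.6. The fix shipped in 3.0.7. Earlier lines (1.1.1, 1.0.2)
# do not contain the vulnerable name-constraint code.
AFFECTED_MIN = (3, 0, 0)
FIXED = (3, 0, 7)

# `openssl version` prints e.g. "OpenSSL 3.0.6 11 Oct 2022" or
# "OpenSSL 1.1.1q  5 Jul 2022"; the trailing letter on 1.1.x patch releases
# is intentionally ignored because that whole line is out of scope.
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)")


def parse_openssl_version(output: str):
    """Return (major, minor, patch) from `openssl version` output, or None."""
    m = VERSION_RE.search(output)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def classify(output: str) -> str:
    """Classify a version string as affected / fixed / not-affected / unknown."""
    v = parse_openssl_version(output)
    if v is None:
        return "unknown"          # treat as needing manual review, not as safe
    if v < AFFECTED_MIN:
        return "not-affected"     # 1.0.2 / 1.1.1 lines
    if v < FIXED:
        return "affected"         # 3.0.0 .. 3.0.6
    return "fixed"                # 3.0.7 and later


def is_affected(output: str) -> bool:
    return classify(output) == "affected"


def local_openssl_status(binary: str = "openssl") -> str:
    """Run the local openssl binary and classify it (assumed helper).

    Caveat: distribution packages often backport fixes without changing the
    upstream version string, so an "affected" result from a distro build
    should be confirmed against the vendor's package changelog.
    """
    try:
        out = subprocess.run([binary, "version"], capture_output=True,
                             text=True, timeout=10).stdout
    except (OSError, subprocess.TimeoutExpired):
        return "unknown"
    return classify(out)


# Constructed sample outputs, as they would appear from `openssl version`.
SAMPLES = [
    "OpenSSL 3.0.6 11 Oct 2022",
    "OpenSSL 3.0.7 1 Nov 2022",
    "OpenSSL 1.1.1q  5 Jul 2022",
    "LibreSSL 3.3.6",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:32} -> {classify(s)}")
    print("local:", local_openssl_status())
```

Triaging on the version string is a first pass only: builds that statically link OpenSSL, vendored copies inside applications, and distro packages with backported fixes all need to be checked against their own package metadata rather than the system `openssl` binary.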