
OpenSSL Buffer Overflow Vulnerability

Released: Apr 11, 2022


Severity: High

Platform: OpenSSL

Vulnerability Type: X.509 certificate verification 4-byte buffer overflow

An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack during X.509 certificate verification, specifically during name constraint checking. This buffer overflow could result in a crash, causing a denial of service, or potentially in remote code execution.

Common Vulnerabilities and Exposures

CVE-2022-3602
CVE-2022-3786

Background

OpenSSL is a full-featured open source toolkit for the Transport Layer Security (TLS) protocol, formerly known as the Secure Sockets Layer (SSL) protocol. It is widely used by internet servers, including the majority of HTTPS websites. Because of its widespread use, vulnerabilities in OpenSSL become significant in nature and could lead to information leaks. This particular issue was privately reported to OpenSSL on 17th October 2022, and users are encouraged to upgrade to a new version as soon as possible.
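The practical first step a defender takes on reading the above is to find out which OpenSSL builds in the estate fall in the vulnerable range. The following script is an added example, not code from FortiGuard or the OpenSSL project. It parses the banner printed by `openssl version` and classifies it using the range the OpenSSL advisory gives for these two CVEs: 3.0.0 through 3.0.6 are affected and 3.0.7 is the fix; the 1.1.1 and 1.0.2 series do not contain the affected code. Treating a `3.0.7-dev` pre-release build as affected is a conservative choice made here, not something the page states. The sample banners are constructed.

```python
import re
import subprocess
from typing import Optional, Tuple

# Affected range per the OpenSSL advisory for CVE-2022-3602 / CVE-2022-3786:
# OpenSSL 3.0.0 through 3.0.6 are vulnerable; 3.0.7 contains the fix.
# OpenSSL 1.1.1 and 1.0.2 do not include the affected name-constraint code.
FIXED_VERSION = (3, 0, 7)

# Matches banners such as "OpenSSL 3.0.5 5 Jul 2022", "OpenSSL 1.1.1q  5 Jul 2022"
# and pre-release strings such as "OpenSSL 3.0.7-dev".
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(\w+))?")


def parse_openssl_version(banner: str) -> Optional[Tuple[int, int, int, str, str]]:
    """Return (major, minor, patch, letter, suffix) from an `openssl version` banner,
    or None when the banner is not from OpenSSL (e.g. LibreSSL) or is unparseable."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch, letter, suffix = m.groups()
    return int(major), int(minor), int(patch), letter, suffix or ""


def is_affected(banner: str) -> Optional[bool]:
    """True if the banner reports a version in the vulnerable range, False if not,
    None if the banner could not be parsed (treat None as 'investigate manually')."""
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return None
    major, minor, patch, _letter, suffix = parsed
    if (major, minor) != (3, 0):
        # Only the 3.0.x series carries the affected code; 1.1.1/1.0.2 and 3.1+ are out of range.
        return False
    if (major, minor, patch) < FIXED_VERSION:
        return True
    # Assumption made by this example: a "3.0.7-dev" snapshot may predate the fix commit,
    # so it is flagged conservatively rather than trusted as fixed.
    if (major, minor, patch) == FIXED_VERSION and suffix == "dev":
        return True
    return False


def local_openssl_banner() -> Optional[str]:
    """Run `openssl version` on this host; None if the binary is missing or fails."""
    try:
        out = subprocess.run(["openssl", "version"], capture_output=True, text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip() if out.returncode == 0 else None


if __name__ == "__main__":
    # Constructed sample banners to show the classification, followed by the local host.
    samples = [
        "OpenSSL 3.0.5 5 Jul 2022",
        "OpenSSL 3.0.7 1 Nov 2022",
        "OpenSSL 1.1.1q  5 Jul 2022",
        "LibreSSL 3.3.6",
    ]
    for banner in samples:
        print(f"{banner!r:32} affected={is_affected(banner)}")
    local = local_openssl_banner()
    print(f"local host: {local!r} affected={is_affected(local) if local else None}")
```

Note that `openssl version` only reports the command-line binary; applications that statically link or bundle their own libcrypto (language runtimes, containers, appliances) need to be inventoried separately, which is why the classifier is exposed as a function that can be fed banners collected from anywhere.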

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


October 25, 2022: OpenSSL pre-announced v3.0.7, a security-fix release addressing the buffer overflow vulnerability, to be released on November 1, 2022. https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html

November 1, 2022: OpenSSL released a security advisory: https://www.openssl.org/news/secadv/20221101.txt

November 1, 2022: The OpenSSL Security Team posted a blog: https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Vulnerability
  • IPS

DETECT
  • Outbreak Detection
  • Threat Hunting
  • Content Update

RESPOND
  • Automated Response
  • Assisted Response Services

RECOVER
  • InfoSec Services

IDENTIFY
  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

