Nov 01, 2022

CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows

by Brinqa Security Team

Brinqa has investigated the impact of the X.509 Email Address Buffer Overflow vulnerabilities reported by openssl.org. CVE-2022-3602 was reported in private to OpenSSL on 17th October 2022 by Polar Bear, who was performing an audit of OpenSSL code. Subsequent analysis of that issue on 18th October 2022 by Viktor Dukhovni identified a second independently triggerable issue, CVE-2022-3786. On 25th October 2022 we notified various organizations under our Prenotification Policy. OpenSSL 3.0.7, which contains fixes for these issues, was released on 1st November 2022. Source: https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/

These vulnerabilities only affect OpenSSL 3.0.0 – 3.0.6. Brinqa uses OpenSSL 1.1.1x and is not affected by these vulnerabilities. No further action is required.

If you have any questions or concerns, please contact us at security@brinqa.com.
