CVE-2022-3996
Description
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup.
Policy processing is enabled by passing the -policy' argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.
Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
openssl-srccrates.io | >= 300.0.0, < 300.0.12 | 300.0.12 |
Affected products
40- osv-coords39 versionspkg:apk/chainguard/libcrypto3pkg:apk/chainguard/libssl3pkg:apk/chainguard/opensslpkg:apk/chainguard/openssl-configpkg:apk/chainguard/openssl-dbgpkg:apk/chainguard/openssl-devpkg:apk/chainguard/openssl-docpkg:apk/chainguard/openssl-engine-afalgpkg:apk/chainguard/openssl-engine-capipkg:apk/chainguard/openssl-engine-loader-atticpkg:apk/chainguard/openssl-engine-padlockpkg:apk/chainguard/openssl-provider-fipspkg:apk/chainguard/openssl-provider-legacypkg:apk/chainguard/ruby-3.1pkg:apk/chainguard/ruby-3.1-basepkg:apk/chainguard/ruby-3.1-base-devpkg:apk/chainguard/ruby-3.1-devpkg:apk/chainguard/ruby-3.1-docpkg:apk/wolfi/libcrypto3pkg:apk/wolfi/libssl3pkg:apk/wolfi/opensslpkg:apk/wolfi/openssl-configpkg:apk/wolfi/openssl-dbgpkg:apk/wolfi/openssl-devpkg:apk/wolfi/openssl-docpkg:apk/wolfi/openssl-engine-afalgpkg:apk/wolfi/openssl-engine-capipkg:apk/wolfi/openssl-engine-loader-atticpkg:apk/wolfi/openssl-engine-padlockpkg:apk/wolfi/openssl-provider-legacypkg:apk/wolfi/ruby-3.1pkg:apk/wolfi/ruby-3.1-basepkg:apk/wolfi/ruby-3.1-base-devpkg:apk/wolfi/ruby-3.1-devpkg:apk/wolfi/ruby-3.1-docpkg:cargo/openssl-srcpkg:rpm/opensuse/openssl-3&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/openssl-3&distro=openSUSE%20Tumbleweedpkg:rpm/suse/openssl-3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4
< 3.0.7-r1+ 38 more
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.8-r0
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 3.0.7-r1
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: >= 300.0.0, < 300.0.12
- (no CPE)range: < 3.0.1-150400.4.14.1
- (no CPE)range: < 3.0.7-2.1
- (no CPE)range: < 3.0.1-150400.4.14.1
- Range: 3.0.0
Patches
Vulnerability mechanics
References
5- github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-vr8j-hgmm-jh9rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-3996ghsaADVISORY
- www.openssl.org/news/secadv/20221213.txtnvdVendor AdvisoryWEB
- security.netapp.com/advisory/ntap-20230203-0003/nvd
News mentions
0No linked articles in our index yet.