Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.193
EPSS Ranking 95.0%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2022-3786
  • Nodejs » Node.js » Version: 18.0.0
    cpe:2.3:a:nodejs:node.js:18.0.0
  • Nodejs » Node.js » Version: 18.0.1
    cpe:2.3:a:nodejs:node.js:18.0.1
  • Nodejs » Node.js » Version: 18.0.2
    cpe:2.3:a:nodejs:node.js:18.0.2
  • Nodejs » Node.js » Version: 18.0.3
    cpe:2.3:a:nodejs:node.js:18.0.3
  • Nodejs » Node.js » Version: 18.0.4
    cpe:2.3:a:nodejs:node.js:18.0.4
  • Nodejs » Node.js » Version: 18.0.5
    cpe:2.3:a:nodejs:node.js:18.0.5
  • Nodejs » Node.js » Version: 18.0.6
    cpe:2.3:a:nodejs:node.js:18.0.6
  • Nodejs » Node.js » Version: 18.1.0
    cpe:2.3:a:nodejs:node.js:18.1.0
  • Nodejs » Node.js » Version: 18.10.0
    cpe:2.3:a:nodejs:node.js:18.10.0
  • Nodejs » Node.js » Version: 18.12.0
    cpe:2.3:a:nodejs:node.js:18.12.0
  • Nodejs » Node.js » Version: 18.2.0
    cpe:2.3:a:nodejs:node.js:18.2.0
  • Nodejs » Node.js » Version: 18.3.0
    cpe:2.3:a:nodejs:node.js:18.3.0
  • Nodejs » Node.js » Version: 18.4.0
    cpe:2.3:a:nodejs:node.js:18.4.0
  • Nodejs » Node.js » Version: 18.5.0
    cpe:2.3:a:nodejs:node.js:18.5.0
  • Nodejs » Node.js » Version: 18.6.0
    cpe:2.3:a:nodejs:node.js:18.6.0
  • Nodejs » Node.js » Version: 18.7.0
    cpe:2.3:a:nodejs:node.js:18.7.0
  • Nodejs » Node.js » Version: 18.8.0
    cpe:2.3:a:nodejs:node.js:18.8.0
  • Nodejs » Node.js » Version: 18.9.0
    cpe:2.3:a:nodejs:node.js:18.9.0
  • Nodejs » Node.js » Version: 18.9.1
    cpe:2.3:a:nodejs:node.js:18.9.1
  • Nodejs » Node.js » Version: 19.0.0
    cpe:2.3:a:nodejs:node.js:19.0.0
  • Openssl » Openssl » Version: 3.0.0
    cpe:2.3:a:openssl:openssl:3.0.0
  • Openssl » Openssl » Version: 3.0.1
    cpe:2.3:a:openssl:openssl:3.0.1
  • Openssl » Openssl » Version: 3.0.2
    cpe:2.3:a:openssl:openssl:3.0.2
  • Openssl » Openssl » Version: 3.0.3
    cpe:2.3:a:openssl:openssl:3.0.3
  • Openssl » Openssl » Version: 3.0.4
    cpe:2.3:a:openssl:openssl:3.0.4
  • Openssl » Openssl » Version: 3.0.5
    cpe:2.3:a:openssl:openssl:3.0.5
  • Openssl » Openssl » Version: 3.0.6
    cpe:2.3:a:openssl:openssl:3.0.6
  • Fedoraproject » Fedora » Version: 36
    cpe:2.3:o:fedoraproject:fedora:36
  • Fedoraproject » Fedora » Version: 37
    cpe:2.3:o:fedoraproject:fedora:37


Products
Pricing
Contact Us

Shodan ® - All rights reserved