Vulnerability Details CVE-2022-3996
If an X.509 certificate contains a malformed policy constraint and
policy processing is enabled, then a write lock will be taken twice
recursively. On some operating systems (most widely: Windows) this
results in a denial of service when the affected process hangs. Policy
processing being enabled on a publicly facing server is not considered
to be a common setup.
Policy processing is enabled by passing the `-policy'
argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
Update (31 March 2023): The description of the policy processing enablement
was corrected based on CVE-2023-0466.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.9%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7
- https://www.openssl.org/news/secadv/20221213.txt
- https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7
- https://security.netapp.com/advisory/ntap-20230203-0003/
- https://www.openssl.org/news/secadv/20221213.txt
Products affected by CVE-2022-3996
-
cpe:2.3:a:openssl:openssl:3.0.0
-
cpe:2.3:a:openssl:openssl:3.0.1
-
cpe:2.3:a:openssl:openssl:3.0.2
-
cpe:2.3:a:openssl:openssl:3.0.3
-
cpe:2.3:a:openssl:openssl:3.0.4
-
cpe:2.3:a:openssl:openssl:3.0.5
-
cpe:2.3:a:openssl:openssl:3.0.6
-
cpe:2.3:a:openssl:openssl:3.0.7