CVE-2022-3996
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-3996
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3996.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-3996
- Aliases
- Related
- Published
- 2022-12-13T16:15:22Z
- Modified
- 2024-09-18T03:18:45.506210Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup.
Policy processing is enabled by passing the
-policy' argument to the command line utilities or by calling theX509VERIFYPARAMset1policies()' function.Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.
- References
Affected packages
Alpine:v3.15 / openssl3
Package
- Name
- openssl3
- Purl
- pkg:apk/alpine/openssl3?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.8-r0
Affected versions
1.*
1.1.1-r0
1.1.1-r1
1.1.1-r2
1.1.1-r3
1.1.1-r4
1.1.1-r5
1.1.1a-r0
1.1.1a-r1
1.1.1b-r0
1.1.1b-r1
1.1.1c-r0
1.1.1c-r1
1.1.1d-r1
1.1.1d-r2
1.1.1d-r3
1.1.1d-r4
1.1.1d-r5
1.1.1e-r0
1.1.1f-r0
1.1.1g-r0
1.1.1h-r0
1.1.1i-r0
1.1.1j-r0
1.1.1k-r0
1.1.1k-r1
1.1.1l-r0
3.*
3.0.0-r0
3.0.0-r1
3.0.0-r2
3.0.0-r3
3.0.0-r4
3.0.2-r0
3.0.3-r0
3.0.5-r0
3.0.5-r1
3.0.6-r0
3.0.7-r0
Alpine:v3.16 / openssl3
Package
- Name
- openssl3
- Purl
- pkg:apk/alpine/openssl3?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.8-r0
Affected versions
1.*
1.1.1-r0
1.1.1-r1
1.1.1-r2
1.1.1-r3
1.1.1-r4
1.1.1-r5
1.1.1a-r0
1.1.1a-r1
1.1.1b-r0
1.1.1b-r1
1.1.1c-r0
1.1.1c-r1
1.1.1d-r1
1.1.1d-r2
1.1.1d-r3
1.1.1d-r4
1.1.1d-r5
1.1.1e-r0
1.1.1f-r0
1.1.1g-r0
1.1.1h-r0
1.1.1i-r0
1.1.1j-r0
1.1.1k-r0
1.1.1k-r1
1.1.1l-r0
3.*
3.0.0-r0
3.0.0-r1
3.0.0-r2
3.0.0-r3
3.0.0-r4
3.0.1-r0
3.0.1-r1
3.0.2-r0
3.0.3-r0
3.0.5-r0
3.0.5-r1
3.0.6-r0
3.0.7-r0
Alpine:v3.17 / openssl
Package
- Name
- openssl
- Purl
- pkg:apk/alpine/openssl?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.7-r2
Affected versions
1.*
1.1.1-r0
1.1.1-r1
1.1.1-r2
1.1.1-r3
1.1.1-r4
1.1.1-r5
1.1.1a-r0
1.1.1a-r1
1.1.1b-r0
1.1.1b-r1
1.1.1c-r0
1.1.1c-r1
1.1.1d-r1
1.1.1d-r2
1.1.1d-r3
1.1.1d-r4
1.1.1d-r5
1.1.1e-r0
1.1.1f-r0
1.1.1g-r0
1.1.1h-r0
1.1.1i-r0
1.1.1j-r0
1.1.1k-r0
1.1.1k-r1
1.1.1l-r0
3.*
3.0.0-r0
3.0.0-r1
3.0.0-r2
3.0.0-r3
3.0.0-r4
3.0.1-r0
3.0.1-r1
3.0.2-r0
3.0.3-r0
3.0.5-r0
3.0.5-r1
3.0.5-r2
3.0.5-r3
3.0.6-r0
3.0.7-r0
Alpine:v3.18 / openssl
Package
- Name
- openssl
- Purl
- pkg:apk/alpine/openssl?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.7-r2
Affected versions
1.*
1.1.1-r0
1.1.1-r1
1.1.1-r2
1.1.1-r3
1.1.1-r4
1.1.1-r5
1.1.1a-r0
1.1.1a-r1
1.1.1b-r0
1.1.1b-r1
1.1.1c-r0
1.1.1c-r1
1.1.1d-r1
1.1.1d-r2
1.1.1d-r3
1.1.1d-r4
1.1.1d-r5
1.1.1e-r0
1.1.1f-r0
1.1.1g-r0
1.1.1h-r0
1.1.1i-r0
1.1.1j-r0
1.1.1k-r0
1.1.1k-r1
1.1.1l-r0
3.*
3.0.0-r0
3.0.0-r1
3.0.0-r2
3.0.0-r3
3.0.0-r4
3.0.1-r0
3.0.1-r1
3.0.2-r0
3.0.3-r0
3.0.5-r0
3.0.5-r1
3.0.5-r2
3.0.5-r3
3.0.6-r0
3.0.7-r0
3.0.7-r1
Alpine:v3.19 / openssl
Package
- Name
- openssl
- Purl
- pkg:apk/alpine/openssl?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.7-r2
Affected versions
1.*
1.1.1-r0
1.1.1-r1
1.1.1-r2
1.1.1-r3
1.1.1-r4
1.1.1-r5
1.1.1a-r0
1.1.1a-r1
1.1.1b-r0
1.1.1b-r1
1.1.1c-r0
1.1.1c-r1
1.1.1d-r1
1.1.1d-r2
1.1.1d-r3
1.1.1d-r4
1.1.1d-r5
1.1.1e-r0
1.1.1f-r0
1.1.1g-r0
1.1.1h-r0
1.1.1i-r0
1.1.1j-r0
1.1.1k-r0
1.1.1k-r1
1.1.1l-r0
3.*
3.0.0-r0
3.0.0-r1
3.0.0-r2
3.0.0-r3
3.0.0-r4
3.0.1-r0
3.0.1-r1
3.0.2-r0
3.0.3-r0
3.0.5-r0
3.0.5-r1
3.0.5-r2
3.0.5-r3
3.0.6-r0
3.0.7-r0
3.0.7-r1
Alpine:v3.20 / openssl
Package
- Name
- openssl
- Purl
- pkg:apk/alpine/openssl?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.7-r2
Affected versions
1.*
1.1.1-r0
1.1.1-r1
1.1.1-r2
1.1.1-r3
1.1.1-r4
1.1.1-r5
1.1.1a-r0
1.1.1a-r1
1.1.1b-r0
1.1.1b-r1
1.1.1c-r0
1.1.1c-r1
1.1.1d-r1
1.1.1d-r2
1.1.1d-r3
1.1.1d-r4
1.1.1d-r5
1.1.1e-r0
1.1.1f-r0
1.1.1g-r0
1.1.1h-r0
1.1.1i-r0
1.1.1j-r0
1.1.1k-r0
1.1.1k-r1
1.1.1l-r0
3.*
3.0.0-r0
3.0.0-r1
3.0.0-r2
3.0.0-r3
3.0.0-r4
3.0.1-r0
3.0.1-r1
3.0.2-r0
3.0.3-r0
3.0.5-r0
3.0.5-r1
3.0.5-r2
3.0.5-r3
3.0.6-r0
3.0.7-r0
3.0.7-r1
Debian:12 / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/debian/openssl?arch=source
Debian:13 / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/debian/openssl?arch=source
Git / github.com/openssl/openssl
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openssl/openssl
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
BEFORE_engine
OpenSSL_0_9_1c
OpenSSL_0_9_2b
OpenSSL_0_9_3
OpenSSL_0_9_3a
OpenSSL_0_9_3beta2
OpenSSL_0_9_4
OpenSSL_0_9_5a
OpenSSL_0_9_5a-beta1
OpenSSL_0_9_5a-beta2
OpenSSL_0_9_5beta1
OpenSSL_0_9_5beta2
OpenSSL_0_9_6-beta3
OpenSSL_1_1_0-pre1
OpenSSL_1_1_0-pre2
OpenSSL_1_1_0-pre3
OpenSSL_1_1_0-pre4
OpenSSL_1_1_0-pre5
OpenSSL_1_1_0-pre6
OpenSSL_1_1_1
OpenSSL_1_1_1-pre1
OpenSSL_1_1_1-pre2
OpenSSL_1_1_1-pre3
OpenSSL_1_1_1-pre4
OpenSSL_1_1_1-pre5
OpenSSL_1_1_1-pre6
OpenSSL_1_1_1-pre7
OpenSSL_1_1_1-pre8
OpenSSL_1_1_1-pre9
master-post-auto-reformat
master-post-reformat
master-pre-auto-reformat
master-pre-reformat
openssl-3.*
openssl-3.0.0
openssl-3.0.0-alpha1
openssl-3.0.0-alpha10
openssl-3.0.0-alpha11
openssl-3.0.0-alpha12
openssl-3.0.0-alpha13
openssl-3.0.0-alpha14
openssl-3.0.0-alpha15
openssl-3.0.0-alpha16
openssl-3.0.0-alpha17
openssl-3.0.0-alpha2
openssl-3.0.0-alpha3
openssl-3.0.0-alpha4
openssl-3.0.0-alpha5
openssl-3.0.0-alpha6
openssl-3.0.0-alpha7
openssl-3.0.0-alpha8
openssl-3.0.0-alpha9
openssl-3.0.0-beta1
openssl-3.0.0-beta2
openssl-3.0.1
openssl-3.0.2
openssl-3.0.3
openssl-3.0.4
openssl-3.0.5
openssl-3.0.6
openssl-3.0.7