Additional information on critical SSL vulnerability.

development security Software
Additional information on critical SSL vulnerability.

Earlier, we posted information about a patch that the OpenSSL team was preparing to cover a critical vulnerability. However, at that moment, no information about the vulnerability was available. OpenSSL team made an announcement just because they wanted to let the IT teams start preparing and, at the same time, leave no chance to treat actors to use the flaw. Later, once the patch was released, they provided more data about the issues.


The flaws discovered in OpenSSL were CVE-2022-3786 (“X.509 Email Address Variable Length Buffer Overflow”) and CVE-2022-3602 (“X.509 Email Address 4-byte Buffer Overflow”). Both bugs appeared as part of Punycode decoding logic, added in OpenSSL 3.0.

Originally the second one was announced as critical. Still, later its severity was downgraded to high because many platforms have stack overflow protection mechanisms that wouldn’t allow performing remote code execution, causing a crash instead.


CVE-2022-3602 is a buffer overrun vulnerability in X.509 certificate name constraint verification. A malicious email address can be created to overflow four bytes controlled by the attacker. This may result in a crash (in most cases) or potentially remote code execution.


CVE-2022-3786 is also related to buffer overrun in X.509 certificate name constraint verification. In this case, a malicious email address in the certificate causes an overflow in an arbitrary number of bytes that contain the decimal 46 character (`.'), causing a crash and denial of service.


Both issues appear in OpenSSL versions from 3.0.0 to 3.0.6. It is highly recommended to update to 3.0.7 as soon as possible. Another way to mitigate the issues is to disable TLS client authentication until the fix is applied. The existing application using OpenSSL 1.1.1 is not affected.


Image credit: Photo by FLY:D on Unsplash