openssl CVE-2022-3786

High
bcressey published GHSA-7r99-w5cv-ph78 Nov 2, 2022

Package

openssl (bottlerocket-update-operator)

Affected versions

0.2.0-0.2.2

Patched versions

1.0.0

Description

A stack-based buffer overflow was found in the way OpenSSL processes X.509 certificates with a specially crafted email address field. When a server or client application compiled with OpenSSL processes the malicious certificate, this issue could cause the application to crash or possibly allow remote code execution.

References

CVE-2022-3786
OpenSSL blog

Severity

High

CVE ID

CVE-2022-3786

Weaknesses

No CWEs