Main Vulnerability Database Vulnerabilities #VU70142

#VU70142 Improper locking in OpenSSL - CVE-2022-3996

Published: December 13, 2022 / Updated: February 7, 2023

Vulnerability identifier: #VU70142

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-3996

CWE-ID: CWE-667

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
OpenSSL

Software vendor:
OpenSSL Software Foundation

Description

The vulnerability allows a remote attacker to perform a denial of service attack (DoS).

The vulnerability exists due to double-locking error if an X.509 certificate contains a malformed policy constraint and policy processing is enabled. A remote attacker can under certain circumstances perform a denial of service attack against the web server.

Successful exploitation of the vulnerability requires that policy processing being enabled on the server.

Remediation

Install update from vendor's website.

External links

https://www.openssl.org/news/secadv/20221213.txt

#VU70142 Improper locking in OpenSSL - CVE-2022-3996

Description

Remediation

External links

Please verify you're human