CVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type

GIT

Repo

https://github.com/nodejs/node

Events

Introduced

49a77a5a996a49e8cb728eed42e55a7c1a9eef6e

Fixed

8c1dd95f3cc5d91acb9ce8994b3ac45ab927178f

Introduced

Last affected

a4bcc81994c99dbc04089e3ed8d1f5a30a4dc716

Introduced

Last affected

cc993fb2760d01457955f5b9ff787d559ed1c34e

Database specific

{
    "versions": [
        {
            "introduced": "18.0.0"
        },
        {
            "fixed": "18.11.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "18.12.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "19.0.0"
        }
    ]
}

Type

GIT

Repo

https://github.com/openssl/openssl

Events

Introduced

89cd17a031e022211684eb7eb41190cf1910f9fa

Fixed

19cc035b6c6f2283573d29c7ea7f7d675cf750ce

Database specific

{
    "versions": [
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.0.7"
        }
    ]
}

Affected versions

openssl-3.*

openssl-3.0.0

openssl-3.0.1

openssl-3.0.2

openssl-3.0.3

openssl-3.0.4

openssl-3.0.5

openssl-3.0.6

v0.*

v0.0.1

v0.0.2

v0.0.3

v0.0.4

v0.0.6

v0.1.0

v0.1.1

v0.1.10

v0.1.100

v0.1.101

v0.1.102

v0.1.103

v0.1.104

v0.1.11

v0.1.12

v0.1.13

v0.1.14

v0.1.15

v0.1.16

v0.1.17

v0.1.18

v0.1.19

v0.1.2

v0.1.20

v0.1.21

v0.1.22

v0.1.23

v0.1.24

v0.1.25

v0.1.26

v0.1.27

v0.1.28

v0.1.29

v0.1.3

v0.1.30

v0.1.31

v0.1.32

v0.1.33

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.1.8

v0.1.9

v0.1.92

v0.1.93

v0.1.94

v0.1.95

v0.1.96

v0.1.97

v0.1.98

v0.1.99

v0.2.0

v0.3.0

v0.3.1

v0.3.2

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.3.8

v0.4.0

v0.5.0

v0.5.1

v0.5.10

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.5-rc1

v0.5.6

v0.5.7

v0.5.8

v0.5.9

v0.6.0

v0.6.1

v0.7.0

v0.7.2

v0.7.3

v1.*

v1.0.1

v1.0.1-release

v1.0.2

v1.0.2-release

v1.0.3

v1.0.4

v1.1.0

v1.2.0

v1.3.0

v1.4.1

v1.4.2

v1.4.3

v1.5.0

v1.5.1

v1.6.0

v1.6.1

v1.6.2

v1.6.3

v1.6.4

v1.7.0

v1.7.1

v18.*

v18.0.0

v18.1.0

v18.10.0

v18.11.0

v18.12.0

v18.2.0

v18.3.0

v18.4.0

v18.5.0

v18.6.0

v18.7.0

v18.8.0

v18.9.0

v18.9.1

v19.*

v19.0.0

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.1.0

v2.2.0

v2.2.1

v2.3.0

v2.3.1

v2.3.2

v2.3.3

v2.3.4

v2.4.0

v2.5.0

v3.*

v3.0.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3786.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "36"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "37"
            }
        ]
    }
]