CVE-2022-3996

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-3996
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3996.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-3996
Aliases
Downstream
Related
Published
2022-12-13T16:15:22Z
Modified
2025-10-21T07:09:01.076926Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup.

Policy processing is enabled by passing the -policy' argument to the command line utilities or by calling the X509VERIFYPARAMset1policies()' function.

Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.

References

Affected packages

Git / github.com/openssl/openssl

Affected ranges

Type
GIT
Repo
https://github.com/openssl/openssl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
7725e7bfe6f2ce8146b6552b44e0d226be7638e7

Affected versions

Other

BEFORE_engine
OpenSSL_0_9_1c
OpenSSL_0_9_2b
OpenSSL_0_9_3
OpenSSL_0_9_3a
OpenSSL_0_9_3beta2
OpenSSL_0_9_4
OpenSSL_0_9_5a
OpenSSL_0_9_5a-beta1
OpenSSL_0_9_5a-beta2
OpenSSL_0_9_5beta1
OpenSSL_0_9_5beta2
OpenSSL_0_9_6-beta3
OpenSSL_1_1_0-pre1
OpenSSL_1_1_0-pre2
OpenSSL_1_1_0-pre3
OpenSSL_1_1_0-pre4
OpenSSL_1_1_0-pre5
OpenSSL_1_1_0-pre6
OpenSSL_1_1_1
OpenSSL_1_1_1-pre1
OpenSSL_1_1_1-pre2
OpenSSL_1_1_1-pre3
OpenSSL_1_1_1-pre4
OpenSSL_1_1_1-pre5
OpenSSL_1_1_1-pre6
OpenSSL_1_1_1-pre7
OpenSSL_1_1_1-pre8
OpenSSL_1_1_1-pre9
master-post-auto-reformat
master-post-reformat
master-pre-auto-reformat
master-pre-reformat

openssl-3.*

openssl-3.0.0
openssl-3.0.0-alpha1
openssl-3.0.0-alpha10
openssl-3.0.0-alpha11
openssl-3.0.0-alpha12
openssl-3.0.0-alpha13
openssl-3.0.0-alpha14
openssl-3.0.0-alpha15
openssl-3.0.0-alpha16
openssl-3.0.0-alpha17
openssl-3.0.0-alpha2
openssl-3.0.0-alpha3
openssl-3.0.0-alpha4
openssl-3.0.0-alpha5
openssl-3.0.0-alpha6
openssl-3.0.0-alpha7
openssl-3.0.0-alpha8
openssl-3.0.0-alpha9
openssl-3.0.0-beta1
openssl-3.0.0-beta2
openssl-3.0.1
openssl-3.0.2
openssl-3.0.3
openssl-3.0.4
openssl-3.0.5
openssl-3.0.6
openssl-3.0.7

Database specific

vanir_signatures

[
    {
        "id": "CVE-2022-3996-383cac48",
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "279575523795296330294593989038263856970",
                "328228967788405492778462705417817613235",
                "48604254952751100308328289785600103687",
                "106056911410713250346668559786984267083",
                "172779517063998759931966698215728748829",
                "58100369142781113603802418888053424532",
                "45598401082326268789446081927995096398"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "source": "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7",
        "target": {
            "file": "crypto/x509/pcy_map.c"
        }
    },
    {
        "id": "CVE-2022-3996-c5cfac45",
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "length": 1370.0,
            "function_hash": "251752733737737008454248314611164806237"
        },
        "deprecated": false,
        "source": "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7",
        "target": {
            "function": "ossl_policy_cache_set_mapping",
            "file": "crypto/x509/pcy_map.c"
        }
    }
]