CVE-2022-3602 (GCVE-0-2022-3602)
Vulnerability from cvelistv5 – Published: 2022-11-01 00:00 – Updated: 2026-04-14 08:58
Title
X.509 Email Address 4-byte Buffer Overflow
Summary
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above has led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6).
Severity
No CVSS data available.
CWE
- Buffer overflow
References
40 references
Date Public
2022-11-01 00:00
Credits
Polar Bear
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:13:04.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20221101.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3"
},
{
"name": "[oss-security] 20221101 OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/15"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/16"
},
{
"name": "20221028 Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/21"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/19"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/18"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/20"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/24"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/17"
},
{
"name": "GLSA-202211-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202211-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023"
},
{
"name": "VU#794340",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/794340"
},
{
"name": "FEDORA-2022-0f1d2e0537",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/"
},
{
"name": "FEDORA-2022-502f096dce",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/2"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/6"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/5"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/1"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/3"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/7"
},
{
"name": "[oss-security] 20221102 Re: Fwd: Node.js security updates for all active release lines, November 2022",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/10"
},
{
"name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html"
},
{
"name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/12"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/11"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/15"
},
{
"name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/14"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/13"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221102-0001/"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/1"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/2"
},
{
"name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/3"
},
{
"name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/5"
},
{
"name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/7"
},
{
"name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/6"
},
{
"name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/9"
},
{
"name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/10"
},
{
"name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/11"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00789.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:26:56.588972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:12:48.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "Calibre ICE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2023.1",
"status": "affected",
"version": "V2022.4",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mcenter",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.3.0",
"status": "affected",
"version": "V5.2.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204RNA (HSR)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2.8",
"status": "affected",
"version": "V3.2.7",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204RNA (PRP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2.8",
"status": "affected",
"version": "V3.2.7",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204RNA EEC (HSR)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2.8",
"status": "affected",
"version": "V3.2.7",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204RNA EEC (PRP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2.8",
"status": "affected",
"version": "V3.2.7",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204RNA EEC (PRP/HSR)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2.8",
"status": "affected",
"version": "V3.2.7",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM GridPass",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.20",
"status": "affected",
"version": "V1.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RTLS Locating Manager",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.13.0.3",
"status": "affected",
"version": "V2.13.0.0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T08:58:02.339Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-408105.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Polar Bear"
}
],
"datePublic": "2022-11-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6)."
}
],
"metrics": [
{
"other": {
"content": {
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#HIGH",
"value": "HIGH"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-03T00:00:00.000Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"url": "https://www.openssl.org/news/secadv/20221101.txt"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3"
},
{
"name": "[oss-security] 20221101 OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/15"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/16"
},
{
"name": "20221028 Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/21"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/19"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/18"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/20"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/24"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/17"
},
{
"name": "GLSA-202211-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202211-01"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023"
},
{
"name": "VU#794340",
"tags": [
"third-party-advisory"
],
"url": "https://www.kb.cert.org/vuls/id/794340"
},
{
"name": "FEDORA-2022-0f1d2e0537",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/"
},
{
"name": "FEDORA-2022-502f096dce",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/2"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/6"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/5"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/1"
},
{
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/3"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/7"
},
{
"name": "[oss-security] 20221102 Re: Fwd: Node.js security updates for all active release lines, November 2022",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/10"
},
{
"name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/9"
},
{
"url": "http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html"
},
{
"name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/12"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/11"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/15"
},
{
"name": "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/14"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/02/13"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221102-0001/"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/1"
},
{
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/2"
},
{
"name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/3"
},
{
"name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/5"
},
{
"name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/7"
},
{
"name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/6"
},
{
"name": "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/9"
},
{
"name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/10"
},
{
"name": "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/03/11"
}
],
"title": "X.509 Email Address 4-byte Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2022-3602",
"datePublished": "2022-11-01T00:00:00.000Z",
"dateReserved": "2022-10-19T00:00:00.000Z",
"dateUpdated": "2026-04-14T08:58:02.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-3602",
"date": "2026-05-25",
"epss": "0.83506",
"percentile": "0.99294"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-3602\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2022-11-01T18:15:10.983\",\"lastModified\":\"2026-04-14T10:16:25.487\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\"},{\"lang\":\"es\",\"value\":\"Puede activarse una saturaci\u00f3n del b\u00fafer en la verificaci\u00f3n del certificado X.509, espec\u00edficamente en la verificaci\u00f3n de restricciones en el nombre. 
Tenga en cuenta que esto ocurre despu\u00e9s de la verificaci\u00f3n de la firma de la cadena de certificados y requiere que una CA haya firmado el certificado malicioso o que la aplicaci\u00f3n contin\u00fae con la verificaci\u00f3n del certificado a pesar de no poder construir una ruta a un emisor confiable. Un atacante puede crear una direcci\u00f3n de correo electr\u00f3nico maliciosa para desbordar cuatro bytes en la pila de memoria controlados por el atacante. Este desbordamiento del b\u00fafer podr\u00eda provocar un bloqueo (provocando una denegaci\u00f3n de servicio) o una potencial ejecuci\u00f3n remota de c\u00f3digo. Muchas plataformas implementan protecciones contra el desbordamiento de la pila de memoria que mitigar\u00edan el riesgo de ejecuci\u00f3n remota de c\u00f3digo. El riesgo puede mitigarse, a\u00fan m\u00e1s, seg\u00fan el dise\u00f1o de la pila de memoria para cualquier plataforma/compilador determinado. Los anuncios previos de CVE-2022-3602 describieron este problema como CR\u00cdTICO. Un an\u00e1lisis m\u00e1s detallado basado en algunos de los factores mitigantes descritos anteriormente ha llevado a que esto se rebaje a ALTO. A\u00fan se recomienda a los usuarios que actualicen a una nueva versi\u00f3n lo antes posible. En un cliente TLS, esto se puede desencadenar conect\u00e1ndose a un servidor malicioso. En un servidor TLS, esto se puede activar si el servidor solicita la autenticaci\u00f3n del cliente y se conecta un cliente malintencionado. 
Corregido en OpenSSL 3.0.7 (Afectado 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.7\",\"matchCriteriaId\":\"BE1F59CA-02F2-4374-A129-18713496B58B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F
-4AE8-4284-8716-991DFA48CC5D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FE996B1-6951-4F85-AA58-B99A379D2163\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E4D8269-B407-4C24-AAB0-02F885C7D752\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBEACBFF-6D05-4B69-BF7A-F7E539D9BF6E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"18.0.0\",\"versionEndExcluding\":\"18.11.0\",\"matchCriteriaId\":\"CAC42CA8-8B01-4A19-A83C-A7D4D08E5E43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:18.12.0:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"7B1F87EE-4E30-4832-BF01-8501E94380EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:19.0.0:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"F568BBC5-0D8E-499C-9F3E-DDCE5F10F9D5\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/01/15\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/01/16\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/01/17\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/01/18\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/01/19\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/01/20\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/01/21\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/01/24\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/1\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/10\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/11\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/12\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/13\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/14\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/15\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing 
List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/2\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/3\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/5\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/6\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/7\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/9\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/03/1\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/03/10\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/03/11\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/03/2\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/03/3\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/03/5\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/03/6\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/03/7\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/03/9\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202211-01\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20221102-0001/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/794340\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.openssl.org/news/secadv/20221101.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/01/15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/01/16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/01/17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/01/18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/01/19\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/01/20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/01/21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/01/24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/02/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/03/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/03/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/03/11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/03/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/03/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/03/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/03/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/03/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/11/03/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202211-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20221102-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00789.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.kb.cert.org/vuls/id/794340\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government 
Resource\"]},{\"url\":\"https://www.openssl.org/news/secadv/20221101.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-408105.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.openssl.org/news/secadv/20221101.txt\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/01/15\", \"name\": \"[oss-security] 20221101 OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/01/16\", \"name\": \"[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a\", \"name\": \"20221028 Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/01/21\", \"name\": \"[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/01/19\", \"name\": \"[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/01/18\", \"name\": \"[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable 
Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/01/20\", \"name\": \"[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/01/24\", \"name\": \"[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/01/17\", \"name\": \"[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202211-01\", \"name\": \"GLSA-202211-01\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/794340\", \"name\": \"VU#794340\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/\", \"name\": \"FEDORA-2022-0f1d2e0537\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/\", \"name\": \"FEDORA-2022-502f096dce\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/2\", \"name\": \"[oss-security] 20221101 Re: OpenSSL X.509 Email Address 
4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/6\", \"name\": \"[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/5\", \"name\": \"[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/1\", \"name\": \"[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/3\", \"name\": \"[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/7\", \"name\": \"[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/10\", \"name\": \"[oss-security] 20221102 Re: Fwd: Node.js security updates for all active release lines, November 2022\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/9\", \"name\": \"[oss-security] 
20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/12\", \"name\": \"[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/11\", \"name\": \"[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/15\", \"name\": \"[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/14\", \"name\": \"[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/13\", \"name\": \"[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221102-0001/\", \"tags\": [\"x_transferred\"]}, {\"url\": 
\"http://www.openwall.com/lists/oss-security/2022/11/03/1\", \"name\": \"[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/03/2\", \"name\": \"[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/03/3\", \"name\": \"[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/03/5\", \"name\": \"[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/03/7\", \"name\": \"[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/03/6\", \"name\": \"[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/03/9\", \"name\": \"[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email 
Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/03/10\", \"name\": \"[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/03/11\", \"name\": \"[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00789.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T19:13:04.845Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"Calibre ICE\", \"versions\": [{\"status\": \"affected\", \"version\": \"V2022.4\", \"lessThan\": \"V2023.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Mcenter\", \"versions\": [{\"status\": \"affected\", \"version\": \"V5.2.1\", \"lessThan\": \"V5.3.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204RNA (HSR)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.2.7\", \"lessThan\": \"V3.2.8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204RNA (PRP)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.2.7\", \"lessThan\": \"V3.2.8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204RNA EEC (HSR)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.2.7\", 
\"lessThan\": \"V3.2.8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204RNA EEC (PRP)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.2.7\", \"lessThan\": \"V3.2.8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE X204RNA EEC (PRP/HSR)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.2.7\", \"lessThan\": \"V3.2.8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SICAM GridPass\", \"versions\": [{\"status\": \"affected\", \"version\": \"V1.80\", \"lessThan\": \"V2.20\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC RTLS Locating Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"V2.13.0.0\", \"lessThan\": \"V2.13.0.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-408105.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-04-14T08:58:02.339Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-3602\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", 
\"timestamp\": \"2025-04-23T13:26:56.588972Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-05T13:07:56.572Z\"}}], \"cna\": {\"title\": \"X.509 Email Address 4-byte Buffer Overflow\", \"credits\": [{\"lang\": \"en\", \"value\": \"Polar Bear\"}], \"metrics\": [{\"other\": {\"type\": \"unknown\", \"content\": {\"url\": \"https://www.openssl.org/policies/secpolicy.html#HIGH\", \"lang\": \"eng\", \"value\": \"HIGH\"}}}], \"affected\": [{\"vendor\": \"OpenSSL\", \"product\": \"OpenSSL\", \"versions\": [{\"status\": \"affected\", \"version\": \"Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6)\"}]}], \"datePublic\": \"2022-11-01T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.openssl.org/news/secadv/20221101.txt\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/01/15\", \"name\": \"[oss-security] 20221101 OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/01/16\", \"name\": \"[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a\", \"name\": \"20221028 Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/01/21\", 
\"name\": \"[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/01/19\", \"name\": \"[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/01/18\", \"name\": \"[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/01/20\", \"name\": \"[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/01/24\", \"name\": \"[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/01/17\", \"name\": \"[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.gentoo.org/glsa/202211-01\", \"name\": \"GLSA-202211-01\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023\"}, {\"url\": \"https://www.kb.cert.org/vuls/id/794340\", \"name\": \"VU#794340\", \"tags\": [\"third-party-advisory\"]}, {\"url\": 
\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/\", \"name\": \"FEDORA-2022-0f1d2e0537\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/\", \"name\": \"FEDORA-2022-502f096dce\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/2\", \"name\": \"[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/6\", \"name\": \"[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/5\", \"name\": \"[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/1\", \"name\": \"[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/3\", \"name\": \"[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/7\", \"name\": \"[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow 
(CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/10\", \"name\": \"[oss-security] 20221102 Re: Fwd: Node.js security updates for all active release lines, November 2022\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/9\", \"name\": \"[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/12\", \"name\": \"[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/11\", \"name\": \"[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/15\", \"name\": \"[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/14\", \"name\": \"[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/02/13\", \"name\": \"[oss-security] 20221102 Re: OpenSSL X.509 Email Address 
4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221102-0001/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/03/1\", \"name\": \"[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/03/2\", \"name\": \"[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/03/3\", \"name\": \"[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/03/5\", \"name\": \"[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/03/7\", \"name\": \"[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/03/6\", \"name\": \"[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/03/9\", \"name\": 
\"[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/03/10\", \"name\": \"[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/11/03/11\", \"name\": \"[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\", \"tags\": [\"mailing-list\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. 
In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Buffer overflow\"}]}], \"providerMetadata\": {\"orgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"shortName\": \"openssl\", \"dateUpdated\": \"2022-11-03T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-3602\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-14T08:58:02.339Z\", \"dateReserved\": \"2022-10-19T00:00:00.000Z\", \"assignerOrgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"datePublished\": \"2022-11-01T00:00:00.000Z\", \"assignerShortName\": \"openssl\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
ICSA-23-229-01
Vulnerability from csaf_cisa - Published: 2023-08-17 06:00 - Updated: 2023-08-17 06:00
Summary
ICONICS and Mitsubishi Electric Products
Notes
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could result in information disclosure, denial-of-service, or remote code execution.
Critical infrastructure sectors: Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: ICONICS is headquartered in the United States. Mitsubishi Electric is headquartered in Japan.
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:
Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
5.9 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI: 10.97.2 (ICONICS, Mitsubishi Electric / ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI) | | 10.97.2 | Mitigation, Mitigation, Mitigation, Mitigation, Mitigation, fix, Mitigation, fix, Mitigation, Mitigation, fix, Mitigation, fix |
References
15 references
Acknowledgments
ICONICS
{
"document": {
"acknowledgments": [
{
"organization": "ICONICS",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could result in information disclosure, denial-of-service, or remote code execution.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "ICONICS is headquartered in the United States. Mitsubishi Electric is headquartered in Japan.",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-23-229-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-229-01.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-23-229-01 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-229-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "ICONICS and Mitsubishi Electric Products",
"tracking": {
"current_release_date": "2023-08-17T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-23-229-01",
"initial_release_date": "2023-08-17T06:00:00.000000Z",
"revision_history": [
{
"date": "2023-08-17T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "10.97.2",
"product": {
"name": "ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI: 10.97.2",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI"
}
],
"category": "vendor",
"name": "ICONICS, Mitsubishi Electric"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3602",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A denial of service and potential crash vulnerability due to a buffer overrun condition exists in the OpenSSL library used in the ICONICS Suite. This vulnerability is in the X.509 certificate name constraint checking.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3602"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Version 10.97.2 Critical Fixes Rollup 2 and later is not vulnerable to these exploits. ICONICS recommends that users of its products take the following mitigation steps:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Ensure the 10.97.2 Critical Fixes Rollup release is applied to version 10.97.2 systems.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For systems that do not contain the patch/fix:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not use the BACnet/SC feature on a production system.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "ICONICS and Mitsubishi Electric recommend updating the ICONICS Suite with the latest security patches as they become available. ICONICS Suite security patches may be found here (login required).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://partners.iconics.com/Home.aspx"
},
{
"category": "mitigation",
"details": "ICONICS and Mitsubishi Electric are releasing security updates as critical fixes/rollups release. For more information, refer to the ICONICS whitepaper on security vulnerabilities, the most recent version of which can be found here.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://iconics.com/About/Security/CERT"
},
{
"category": "mitigation",
"details": "Additional information about the security updates may also be found in Mitsubishi Electric\u0027s security advisories:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Advisory 2022-014",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-014_en.pdf"
},
{
"category": "mitigation",
"details": "Advisory 2023-009",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-009_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-3786",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A denial-of-service vulnerability due to a buffer overrun condition exists in the OpenSSL library used in the ICONICS Suite. This vulnerability is in the X.509 certificate verification.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3786"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Version 10.97.2 Critical Fixes Rollup 2 and later is not vulnerable to these exploits. ICONICS recommends that users of its products take the following mitigation steps:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Ensure the 10.97.2 Critical Fixes Rollup release is applied to version 10.97.2 systems.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For systems that do not contain the patch/fix:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not use the BACnet/SC feature on a production system.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "ICONICS and Mitsubishi Electric recommend updating the ICONICS Suite with the latest security patches as they become available. ICONICS Suite security patches may be found here (login required).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://partners.iconics.com/Home.aspx"
},
{
"category": "mitigation",
"details": "ICONICS and Mitsubishi Electric are releasing security updates as critical fixes/rollups release. For more information, refer to the ICONICS whitepaper on security vulnerabilities, the most recent version of which can be found here.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://iconics.com/About/Security/CERT"
},
{
"category": "mitigation",
"details": "Additional information about the security updates may also be found in Mitsubishi Electric\u0027s security advisories:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Advisory 2022-014",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-014_en.pdf"
},
{
"category": "mitigation",
"details": "Advisory 2023-009",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-009_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-4203",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A denial-of-service vulnerability due to an out of bounds read condition exists in the OpenSSL library used in the ICONICS Suite. This vulnerability is in the X.509 certificate verification.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4203"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Version 10.97.2 Critical Fixes Rollup 2 and later is not vulnerable to these exploits. ICONICS recommends that users of its products take the following mitigation steps:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Ensure the 10.97.2 Critical Fixes Rollup release is applied to version 10.97.2 systems.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For systems that do not contain the patch/fix:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not use the BACnet/SC feature on a production system.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "ICONICS and Mitsubishi Electric recommend updating the ICONICS Suite with the latest security patches as they become available. ICONICS Suite security patches may be found here (login required).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://partners.iconics.com/Home.aspx"
},
{
"category": "mitigation",
"details": "ICONICS and Mitsubishi Electric are releasing security updates as critical fixes/rollups release. For more information, refer to the ICONICS whitepaper on security vulnerabilities, the most recent version of which can be found here.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://iconics.com/About/Security/CERT"
},
{
"category": "mitigation",
"details": "Additional information about the security updates may also be found in Mitsubishi Electric\u0027s security advisories:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Advisory 2022-014",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-014_en.pdf"
},
{
"category": "mitigation",
"details": "Advisory 2023-009",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-009_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-4304",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"notes": [
{
"category": "summary",
"text": "An information disclosure vulnerability due to an observable timing discrepancy exists in the OpenSSL library used in the ICONICS Suite. This vulnerability is in the RSA decryption implementation.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4304"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Version 10.97.2 Critical Fixes Rollup 2 and later is not vulnerable to these exploits. ICONICS recommends that users of its products take the following mitigation steps:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Ensure the 10.97.2 Critical Fixes Rollup release is applied to version 10.97.2 systems.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For systems that do not contain the patch/fix:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not use the BACnet/SC feature on a production system.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "ICONICS and Mitsubishi Electric recommend updating the ICONICS Suite with the latest security patches as they become available. ICONICS Suite security patches may be found here (login required).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://partners.iconics.com/Home.aspx"
},
{
"category": "mitigation",
"details": "ICONICS and Mitsubishi Electric are releasing security updates as critical fixes/rollups release. For more information, refer to the ICONICS whitepaper on security vulnerabilities, the most recent version of which can be found here.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://iconics.com/About/Security/CERT"
},
{
"category": "mitigation",
"details": "Additional information about the security updates may also be found in Mitsubishi Electric\u0027s security advisories:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Advisory 2022-014",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-014_en.pdf"
},
{
"category": "mitigation",
"details": "Advisory 2023-009",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-009_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-4450",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "A denial of service and potential crash vulnerability due to a double free condition exists in the OpenSSL library used in the ICONICS Suite. This vulnerability is in the reading of a PEM file.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4450"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Version 10.97.2 Critical Fixes Rollup 2 and later is not vulnerable to these exploits. ICONICS recommends that users of its products take the following mitigation steps:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Ensure the 10.97.2 Critical Fixes Rollup release is applied to version 10.97.2 systems.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For systems that do not contain the patch/fix:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not use the BACnet/SC feature on a production system.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "ICONICS and Mitsubishi Electric recommend updating the ICONICS Suite with the latest security patches as they become available. ICONICS Suite security patches may be found here (login required).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://partners.iconics.com/Home.aspx"
},
{
"category": "mitigation",
"details": "ICONICS and Mitsubishi Electric are releasing security updates as critical fixes/rollups release. For more information, refer to the ICONICS whitepaper on security vulnerabilities, the most recent version of which can be found here.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://iconics.com/About/Security/CERT"
},
{
"category": "mitigation",
"details": "Additional information about the security updates may also be found in Mitsubishi Electric\u0027s security advisories:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Advisory 2022-014",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-014_en.pdf"
},
{
"category": "mitigation",
"details": "Advisory 2023-009",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-009_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2023-0401",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A denial of service and potential crash vulnerability due to a NULL Pointer dereference exists in the OpenSSL library used in the ICONICS Suite. This vulnerability can occur when signatures are being verified.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0401"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Version 10.97.2 Critical Fixes Rollup 2 and later is not vulnerable to these exploits. ICONICS recommends that users of its products take the following mitigation steps:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Ensure the 10.97.2 Critical Fixes Rollup release is applied to version 10.97.2 systems.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For systems that do not contain the patch/fix:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not use the BACnet/SC feature on a production system.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "ICONICS and Mitsubishi Electric recommend updating the ICONICS Suite with the latest security patches as they become available. ICONICS Suite security patches may be found here (login required).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://partners.iconics.com/Home.aspx"
},
{
"category": "mitigation",
"details": "ICONICS and Mitsubishi Electric are releasing security updates as critical fixes/rollups release. For more information, refer to the ICONICS whitepaper on security vulnerabilities, the most recent version of which can be found here.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://iconics.com/About/Security/CERT"
},
{
"category": "mitigation",
"details": "Additional information about the security updates may also be found in Mitsubishi Electric\u0027s security advisories:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Advisory 2022-014",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-014_en.pdf"
},
{
"category": "mitigation",
"details": "Advisory 2023-009",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-009_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
OPENSUSE-SU-2024:12469-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
Summary
cargo-audit-advisory-db-20221102-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: cargo-audit-advisory-db-20221102-1.1 on GA media
Description of the patch: These are all security issues fixed in the cargo-audit-advisory-db-20221102-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12469
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
critical
5.9 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cargo-audit-advisory-db-20221102-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cargo-audit-advisory-db-20221102-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12469",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12469-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3602 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-36086 page",
"url": "https://www.suse.com/security/cve/CVE-2022-36086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3786 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3786/"
}
],
"title": "cargo-audit-advisory-db-20221102-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12469-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cargo-audit-advisory-db-20221102-1.1.aarch64",
"product": {
"name": "cargo-audit-advisory-db-20221102-1.1.aarch64",
"product_id": "cargo-audit-advisory-db-20221102-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-audit-advisory-db-20221102-1.1.ppc64le",
"product": {
"name": "cargo-audit-advisory-db-20221102-1.1.ppc64le",
"product_id": "cargo-audit-advisory-db-20221102-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-audit-advisory-db-20221102-1.1.s390x",
"product": {
"name": "cargo-audit-advisory-db-20221102-1.1.s390x",
"product_id": "cargo-audit-advisory-db-20221102-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-audit-advisory-db-20221102-1.1.x86_64",
"product": {
"name": "cargo-audit-advisory-db-20221102-1.1.x86_64",
"product_id": "cargo-audit-advisory-db-20221102-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-audit-advisory-db-20221102-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64"
},
"product_reference": "cargo-audit-advisory-db-20221102-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-audit-advisory-db-20221102-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le"
},
"product_reference": "cargo-audit-advisory-db-20221102-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-audit-advisory-db-20221102-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x"
},
"product_reference": "cargo-audit-advisory-db-20221102-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-audit-advisory-db-20221102-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64"
},
"product_reference": "cargo-audit-advisory-db-20221102-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3602"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3602",
"url": "https://www.suse.com/security/cve/CVE-2022-3602"
},
{
"category": "external",
"summary": "SUSE Bug 1204714 for CVE-2022-3602",
"url": "https://bugzilla.suse.com/1204714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-3602"
},
{
"cve": "CVE-2022-36086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-36086"
}
],
"notes": [
{
"category": "general",
"text": "linked_list_allocator is an allocator usable for no_std systems. Prior to version 0.10.2, the heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than `3 * size_of::\u003cusize\u003e` because of metadata write operations. This vulnerability impacts all the initialization functions on the `Heap` and `LockedHeap` types, including `Heap::new`, `Heap::init`, `Heap::init_from_slice`, and `LockedHeap::new`. It also affects multiple uses of the `Heap::extend` method. Version 0.10.2 contains a patch for the issue. As a workaround, ensure that the heap is only initialized with a size larger than `3 * size_of::\u003cusize\u003e` and that the `Heap::extend` method is only called with sizes larger than `2 * size_of::\u003cusize\u003e()`. Also, ensure that the total heap size is (and stays) a multiple of `2 * size_of::\u003cusize\u003e()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-36086",
"url": "https://www.suse.com/security/cve/CVE-2022-36086"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2022-36086"
},
{
"cve": "CVE-2022-3786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3786"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.\u0027 character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3786",
"url": "https://www.suse.com/security/cve/CVE-2022-3786"
},
{
"category": "external",
"summary": "SUSE Bug 1204714 for CVE-2022-3786",
"url": "https://bugzilla.suse.com/1204714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.s390x",
"openSUSE Tumbleweed:cargo-audit-advisory-db-20221102-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-3786"
}
]
}
OPENSUSE-SU-2024:12475-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
Summary
libopenssl-3-devel-3.0.7-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: libopenssl-3-devel-3.0.7-1.1 on GA media
Description of the patch: These are all security issues fixed in the libopenssl-3-devel-3.0.7-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12475
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.0.7-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.0.7-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.0.7-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.0.7-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.0.7-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.0.7-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.0.7-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.0.7-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.0.7-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.0.7-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.0.7-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-3.0.7-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libopenssl-3-devel-3.0.7-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libopenssl-3-devel-3.0.7-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12475",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12475-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3358 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3602 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3786 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3786/"
}
],
"title": "libopenssl-3-devel-3.0.7-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12475-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.7-1.1.aarch64",
"product": {
"name": "libopenssl-3-devel-3.0.7-1.1.aarch64",
"product_id": "libopenssl-3-devel-3.0.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.0.7-1.1.aarch64",
"product": {
"name": "libopenssl-3-devel-32bit-3.0.7-1.1.aarch64",
"product_id": "libopenssl-3-devel-32bit-3.0.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.7-1.1.aarch64",
"product": {
"name": "libopenssl3-3.0.7-1.1.aarch64",
"product_id": "libopenssl3-3.0.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.0.7-1.1.aarch64",
"product": {
"name": "libopenssl3-32bit-3.0.7-1.1.aarch64",
"product_id": "libopenssl3-32bit-3.0.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.7-1.1.aarch64",
"product": {
"name": "openssl-3-3.0.7-1.1.aarch64",
"product_id": "openssl-3-3.0.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-3-doc-3.0.7-1.1.aarch64",
"product": {
"name": "openssl-3-doc-3.0.7-1.1.aarch64",
"product_id": "openssl-3-doc-3.0.7-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.7-1.1.ppc64le",
"product": {
"name": "libopenssl-3-devel-3.0.7-1.1.ppc64le",
"product_id": "libopenssl-3-devel-3.0.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.0.7-1.1.ppc64le",
"product": {
"name": "libopenssl-3-devel-32bit-3.0.7-1.1.ppc64le",
"product_id": "libopenssl-3-devel-32bit-3.0.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.7-1.1.ppc64le",
"product": {
"name": "libopenssl3-3.0.7-1.1.ppc64le",
"product_id": "libopenssl3-3.0.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.0.7-1.1.ppc64le",
"product": {
"name": "libopenssl3-32bit-3.0.7-1.1.ppc64le",
"product_id": "libopenssl3-32bit-3.0.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.7-1.1.ppc64le",
"product": {
"name": "openssl-3-3.0.7-1.1.ppc64le",
"product_id": "openssl-3-3.0.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-3-doc-3.0.7-1.1.ppc64le",
"product": {
"name": "openssl-3-doc-3.0.7-1.1.ppc64le",
"product_id": "openssl-3-doc-3.0.7-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.7-1.1.s390x",
"product": {
"name": "libopenssl-3-devel-3.0.7-1.1.s390x",
"product_id": "libopenssl-3-devel-3.0.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.0.7-1.1.s390x",
"product": {
"name": "libopenssl-3-devel-32bit-3.0.7-1.1.s390x",
"product_id": "libopenssl-3-devel-32bit-3.0.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.7-1.1.s390x",
"product": {
"name": "libopenssl3-3.0.7-1.1.s390x",
"product_id": "libopenssl3-3.0.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.0.7-1.1.s390x",
"product": {
"name": "libopenssl3-32bit-3.0.7-1.1.s390x",
"product_id": "libopenssl3-32bit-3.0.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.7-1.1.s390x",
"product": {
"name": "openssl-3-3.0.7-1.1.s390x",
"product_id": "openssl-3-3.0.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-3-doc-3.0.7-1.1.s390x",
"product": {
"name": "openssl-3-doc-3.0.7-1.1.s390x",
"product_id": "openssl-3-doc-3.0.7-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-3-devel-3.0.7-1.1.x86_64",
"product": {
"name": "libopenssl-3-devel-3.0.7-1.1.x86_64",
"product_id": "libopenssl-3-devel-3.0.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-3-devel-32bit-3.0.7-1.1.x86_64",
"product": {
"name": "libopenssl-3-devel-32bit-3.0.7-1.1.x86_64",
"product_id": "libopenssl-3-devel-32bit-3.0.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-3.0.7-1.1.x86_64",
"product": {
"name": "libopenssl3-3.0.7-1.1.x86_64",
"product_id": "libopenssl3-3.0.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl3-32bit-3.0.7-1.1.x86_64",
"product": {
"name": "libopenssl3-32bit-3.0.7-1.1.x86_64",
"product_id": "libopenssl3-32bit-3.0.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-3.0.7-1.1.x86_64",
"product": {
"name": "openssl-3-3.0.7-1.1.x86_64",
"product_id": "openssl-3-3.0.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-3-doc-3.0.7-1.1.x86_64",
"product": {
"name": "openssl-3-doc-3.0.7-1.1.x86_64",
"product_id": "openssl-3-doc-3.0.7-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.aarch64"
},
"product_reference": "libopenssl-3-devel-3.0.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-3.0.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.s390x"
},
"product_reference": "libopenssl-3-devel-3.0.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-3.0.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.x86_64"
},
"product_reference": "libopenssl-3-devel-3.0.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-32bit-3.0.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.aarch64"
},
"product_reference": "libopenssl-3-devel-32bit-3.0.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-32bit-3.0.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.ppc64le"
},
"product_reference": "libopenssl-3-devel-32bit-3.0.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-32bit-3.0.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.s390x"
},
"product_reference": "libopenssl-3-devel-32bit-3.0.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-3-devel-32bit-3.0.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.x86_64"
},
"product_reference": "libopenssl-3-devel-32bit-3.0.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.aarch64"
},
"product_reference": "libopenssl3-3.0.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.ppc64le"
},
"product_reference": "libopenssl3-3.0.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.s390x"
},
"product_reference": "libopenssl3-3.0.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-3.0.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.x86_64"
},
"product_reference": "libopenssl3-3.0.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.0.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.aarch64"
},
"product_reference": "libopenssl3-32bit-3.0.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.0.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.ppc64le"
},
"product_reference": "libopenssl3-32bit-3.0.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.0.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.s390x"
},
"product_reference": "libopenssl3-32bit-3.0.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl3-32bit-3.0.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.x86_64"
},
"product_reference": "libopenssl3-32bit-3.0.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-3.0.7-1.1.aarch64"
},
"product_reference": "openssl-3-3.0.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-3.0.7-1.1.ppc64le"
},
"product_reference": "openssl-3-3.0.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-3.0.7-1.1.s390x"
},
"product_reference": "openssl-3-3.0.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-3.0.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-3.0.7-1.1.x86_64"
},
"product_reference": "openssl-3-3.0.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.0.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.aarch64"
},
"product_reference": "openssl-3-doc-3.0.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.0.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.ppc64le"
},
"product_reference": "openssl-3-doc-3.0.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.0.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.s390x"
},
"product_reference": "openssl-3-doc-3.0.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-3-doc-3.0.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.x86_64"
},
"product_reference": "openssl-3-doc-3.0.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3358"
}
],
"notes": [
{
"category": "general",
"text": "OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3358",
"url": "https://www.suse.com/security/cve/CVE-2022-3358"
},
{
"category": "external",
"summary": "SUSE Bug 1204226 for CVE-2022-3358",
"url": "https://bugzilla.suse.com/1204226"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-3358"
},
{
"cve": "CVE-2022-3602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3602"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3602",
"url": "https://www.suse.com/security/cve/CVE-2022-3602"
},
{
"category": "external",
"summary": "SUSE Bug 1204714 for CVE-2022-3602",
"url": "https://bugzilla.suse.com/1204714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-3602"
},
{
"cve": "CVE-2022-3786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3786"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.\u0027 character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3786",
"url": "https://www.suse.com/security/cve/CVE-2022-3786"
},
{
"category": "external",
"summary": "SUSE Bug 1204714 for CVE-2022-3786",
"url": "https://bugzilla.suse.com/1204714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:libopenssl3-32bit-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-3.0.7-1.1.x86_64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.aarch64",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.s390x",
"openSUSE Tumbleweed:openssl-3-doc-3.0.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-3786"
}
]
}
OPENSUSE-SU-2024:12479-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
Summary
python310-cryptography-38.0.3-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: python310-cryptography-38.0.3-1.1 on GA media
Description of the patch: These are all security issues fixed in the python310-cryptography-38.0.3-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12479
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python310-cryptography-38.0.3-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python310-cryptography-38.0.3-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12479",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12479-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3602 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3786 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3786/"
}
],
"title": "python310-cryptography-38.0.3-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12479-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python310-cryptography-38.0.3-1.1.aarch64",
"product": {
"name": "python310-cryptography-38.0.3-1.1.aarch64",
"product_id": "python310-cryptography-38.0.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python38-cryptography-38.0.3-1.1.aarch64",
"product": {
"name": "python38-cryptography-38.0.3-1.1.aarch64",
"product_id": "python38-cryptography-38.0.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-cryptography-38.0.3-1.1.aarch64",
"product": {
"name": "python39-cryptography-38.0.3-1.1.aarch64",
"product_id": "python39-cryptography-38.0.3-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-cryptography-38.0.3-1.1.ppc64le",
"product": {
"name": "python310-cryptography-38.0.3-1.1.ppc64le",
"product_id": "python310-cryptography-38.0.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python38-cryptography-38.0.3-1.1.ppc64le",
"product": {
"name": "python38-cryptography-38.0.3-1.1.ppc64le",
"product_id": "python38-cryptography-38.0.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-cryptography-38.0.3-1.1.ppc64le",
"product": {
"name": "python39-cryptography-38.0.3-1.1.ppc64le",
"product_id": "python39-cryptography-38.0.3-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-cryptography-38.0.3-1.1.s390x",
"product": {
"name": "python310-cryptography-38.0.3-1.1.s390x",
"product_id": "python310-cryptography-38.0.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python38-cryptography-38.0.3-1.1.s390x",
"product": {
"name": "python38-cryptography-38.0.3-1.1.s390x",
"product_id": "python38-cryptography-38.0.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-cryptography-38.0.3-1.1.s390x",
"product": {
"name": "python39-cryptography-38.0.3-1.1.s390x",
"product_id": "python39-cryptography-38.0.3-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-cryptography-38.0.3-1.1.x86_64",
"product": {
"name": "python310-cryptography-38.0.3-1.1.x86_64",
"product_id": "python310-cryptography-38.0.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python38-cryptography-38.0.3-1.1.x86_64",
"product": {
"name": "python38-cryptography-38.0.3-1.1.x86_64",
"product_id": "python38-cryptography-38.0.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-cryptography-38.0.3-1.1.x86_64",
"product": {
"name": "python39-cryptography-38.0.3-1.1.x86_64",
"product_id": "python39-cryptography-38.0.3-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-cryptography-38.0.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.aarch64"
},
"product_reference": "python310-cryptography-38.0.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-cryptography-38.0.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.ppc64le"
},
"product_reference": "python310-cryptography-38.0.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-cryptography-38.0.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.s390x"
},
"product_reference": "python310-cryptography-38.0.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-cryptography-38.0.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.x86_64"
},
"product_reference": "python310-cryptography-38.0.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-cryptography-38.0.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.aarch64"
},
"product_reference": "python38-cryptography-38.0.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-cryptography-38.0.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.ppc64le"
},
"product_reference": "python38-cryptography-38.0.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-cryptography-38.0.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.s390x"
},
"product_reference": "python38-cryptography-38.0.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-cryptography-38.0.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.x86_64"
},
"product_reference": "python38-cryptography-38.0.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-38.0.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.aarch64"
},
"product_reference": "python39-cryptography-38.0.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-38.0.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.ppc64le"
},
"product_reference": "python39-cryptography-38.0.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-38.0.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.s390x"
},
"product_reference": "python39-cryptography-38.0.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-38.0.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.x86_64"
},
"product_reference": "python39-cryptography-38.0.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3602"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3602",
"url": "https://www.suse.com/security/cve/CVE-2022-3602"
},
{
"category": "external",
"summary": "SUSE Bug 1204714 for CVE-2022-3602",
"url": "https://bugzilla.suse.com/1204714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-3602"
},
{
"cve": "CVE-2022-3786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3786"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.\u0027 character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3786",
"url": "https://www.suse.com/security/cve/CVE-2022-3786"
},
{
"category": "external",
"summary": "SUSE Bug 1204714 for CVE-2022-3786",
"url": "https://bugzilla.suse.com/1204714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python310-cryptography-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python38-cryptography-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python39-cryptography-38.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-3786"
}
]
}
OPENSUSE-SU-2024:12480-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
Summary
python310-cryptography-vectors-38.0.3-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: python310-cryptography-vectors-38.0.3-1.1 on GA media
Description of the patch: These are all security issues fixed in the python310-cryptography-vectors-38.0.3-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12480
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python310-cryptography-vectors-38.0.3-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python310-cryptography-vectors-38.0.3-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12480",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12480-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3602 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3786 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3786/"
}
],
"title": "python310-cryptography-vectors-38.0.3-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12480-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python310-cryptography-vectors-38.0.3-1.1.aarch64",
"product": {
"name": "python310-cryptography-vectors-38.0.3-1.1.aarch64",
"product_id": "python310-cryptography-vectors-38.0.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python38-cryptography-vectors-38.0.3-1.1.aarch64",
"product": {
"name": "python38-cryptography-vectors-38.0.3-1.1.aarch64",
"product_id": "python38-cryptography-vectors-38.0.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-cryptography-vectors-38.0.3-1.1.aarch64",
"product": {
"name": "python39-cryptography-vectors-38.0.3-1.1.aarch64",
"product_id": "python39-cryptography-vectors-38.0.3-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-cryptography-vectors-38.0.3-1.1.ppc64le",
"product": {
"name": "python310-cryptography-vectors-38.0.3-1.1.ppc64le",
"product_id": "python310-cryptography-vectors-38.0.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python38-cryptography-vectors-38.0.3-1.1.ppc64le",
"product": {
"name": "python38-cryptography-vectors-38.0.3-1.1.ppc64le",
"product_id": "python38-cryptography-vectors-38.0.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-cryptography-vectors-38.0.3-1.1.ppc64le",
"product": {
"name": "python39-cryptography-vectors-38.0.3-1.1.ppc64le",
"product_id": "python39-cryptography-vectors-38.0.3-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-cryptography-vectors-38.0.3-1.1.s390x",
"product": {
"name": "python310-cryptography-vectors-38.0.3-1.1.s390x",
"product_id": "python310-cryptography-vectors-38.0.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python38-cryptography-vectors-38.0.3-1.1.s390x",
"product": {
"name": "python38-cryptography-vectors-38.0.3-1.1.s390x",
"product_id": "python38-cryptography-vectors-38.0.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-cryptography-vectors-38.0.3-1.1.s390x",
"product": {
"name": "python39-cryptography-vectors-38.0.3-1.1.s390x",
"product_id": "python39-cryptography-vectors-38.0.3-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-cryptography-vectors-38.0.3-1.1.x86_64",
"product": {
"name": "python310-cryptography-vectors-38.0.3-1.1.x86_64",
"product_id": "python310-cryptography-vectors-38.0.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python38-cryptography-vectors-38.0.3-1.1.x86_64",
"product": {
"name": "python38-cryptography-vectors-38.0.3-1.1.x86_64",
"product_id": "python38-cryptography-vectors-38.0.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-cryptography-vectors-38.0.3-1.1.x86_64",
"product": {
"name": "python39-cryptography-vectors-38.0.3-1.1.x86_64",
"product_id": "python39-cryptography-vectors-38.0.3-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-cryptography-vectors-38.0.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.aarch64"
},
"product_reference": "python310-cryptography-vectors-38.0.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-cryptography-vectors-38.0.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.ppc64le"
},
"product_reference": "python310-cryptography-vectors-38.0.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-cryptography-vectors-38.0.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.s390x"
},
"product_reference": "python310-cryptography-vectors-38.0.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-cryptography-vectors-38.0.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.x86_64"
},
"product_reference": "python310-cryptography-vectors-38.0.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-cryptography-vectors-38.0.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.aarch64"
},
"product_reference": "python38-cryptography-vectors-38.0.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-cryptography-vectors-38.0.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.ppc64le"
},
"product_reference": "python38-cryptography-vectors-38.0.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-cryptography-vectors-38.0.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.s390x"
},
"product_reference": "python38-cryptography-vectors-38.0.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-cryptography-vectors-38.0.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.x86_64"
},
"product_reference": "python38-cryptography-vectors-38.0.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-vectors-38.0.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.aarch64"
},
"product_reference": "python39-cryptography-vectors-38.0.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-vectors-38.0.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.ppc64le"
},
"product_reference": "python39-cryptography-vectors-38.0.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-vectors-38.0.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.s390x"
},
"product_reference": "python39-cryptography-vectors-38.0.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-cryptography-vectors-38.0.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.x86_64"
},
"product_reference": "python39-cryptography-vectors-38.0.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3602"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3602",
"url": "https://www.suse.com/security/cve/CVE-2022-3602"
},
{
"category": "external",
"summary": "SUSE Bug 1204714 for CVE-2022-3602",
"url": "https://bugzilla.suse.com/1204714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-3602"
},
{
"cve": "CVE-2022-3786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3786"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.\u0027 character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3786",
"url": "https://www.suse.com/security/cve/CVE-2022-3786"
},
{
"category": "external",
"summary": "SUSE Bug 1204714 for CVE-2022-3786",
"url": "https://bugzilla.suse.com/1204714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python310-cryptography-vectors-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python38-cryptography-vectors-38.0.3-1.1.x86_64",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.aarch64",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.s390x",
"openSUSE Tumbleweed:python39-cryptography-vectors-38.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-3786"
}
]
}
OPENSUSE-SU-2024:12575-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
Summary
python310-mitmproxy-9.0.1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: python310-mitmproxy-9.0.1-1.1 on GA media
Description of the patch: These are all security issues fixed in the python310-mitmproxy-9.0.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12575
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-mitmproxy-9.0.1-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-mitmproxy-9.0.1-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-mitmproxy-9.0.1-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python310-mitmproxy-9.0.1-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-mitmproxy-9.0.1-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-mitmproxy-9.0.1-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-mitmproxy-9.0.1-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python39-mitmproxy-9.0.1-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python310-mitmproxy-9.0.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python310-mitmproxy-9.0.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12575",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12575-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3602 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3602/"
}
],
"title": "python310-mitmproxy-9.0.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12575-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python310-mitmproxy-9.0.1-1.1.aarch64",
"product": {
"name": "python310-mitmproxy-9.0.1-1.1.aarch64",
"product_id": "python310-mitmproxy-9.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-mitmproxy-9.0.1-1.1.aarch64",
"product": {
"name": "python39-mitmproxy-9.0.1-1.1.aarch64",
"product_id": "python39-mitmproxy-9.0.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-mitmproxy-9.0.1-1.1.ppc64le",
"product": {
"name": "python310-mitmproxy-9.0.1-1.1.ppc64le",
"product_id": "python310-mitmproxy-9.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-mitmproxy-9.0.1-1.1.ppc64le",
"product": {
"name": "python39-mitmproxy-9.0.1-1.1.ppc64le",
"product_id": "python39-mitmproxy-9.0.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-mitmproxy-9.0.1-1.1.s390x",
"product": {
"name": "python310-mitmproxy-9.0.1-1.1.s390x",
"product_id": "python310-mitmproxy-9.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-mitmproxy-9.0.1-1.1.s390x",
"product": {
"name": "python39-mitmproxy-9.0.1-1.1.s390x",
"product_id": "python39-mitmproxy-9.0.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-mitmproxy-9.0.1-1.1.x86_64",
"product": {
"name": "python310-mitmproxy-9.0.1-1.1.x86_64",
"product_id": "python310-mitmproxy-9.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-mitmproxy-9.0.1-1.1.x86_64",
"product": {
"name": "python39-mitmproxy-9.0.1-1.1.x86_64",
"product_id": "python39-mitmproxy-9.0.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-mitmproxy-9.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-mitmproxy-9.0.1-1.1.aarch64"
},
"product_reference": "python310-mitmproxy-9.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-mitmproxy-9.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-mitmproxy-9.0.1-1.1.ppc64le"
},
"product_reference": "python310-mitmproxy-9.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-mitmproxy-9.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-mitmproxy-9.0.1-1.1.s390x"
},
"product_reference": "python310-mitmproxy-9.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-mitmproxy-9.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-mitmproxy-9.0.1-1.1.x86_64"
},
"product_reference": "python310-mitmproxy-9.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-mitmproxy-9.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-mitmproxy-9.0.1-1.1.aarch64"
},
"product_reference": "python39-mitmproxy-9.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-mitmproxy-9.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-mitmproxy-9.0.1-1.1.ppc64le"
},
"product_reference": "python39-mitmproxy-9.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-mitmproxy-9.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-mitmproxy-9.0.1-1.1.s390x"
},
"product_reference": "python39-mitmproxy-9.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-mitmproxy-9.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-mitmproxy-9.0.1-1.1.x86_64"
},
"product_reference": "python39-mitmproxy-9.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3602"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-mitmproxy-9.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python310-mitmproxy-9.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python310-mitmproxy-9.0.1-1.1.s390x",
"openSUSE Tumbleweed:python310-mitmproxy-9.0.1-1.1.x86_64",
"openSUSE Tumbleweed:python39-mitmproxy-9.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python39-mitmproxy-9.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python39-mitmproxy-9.0.1-1.1.s390x",
"openSUSE Tumbleweed:python39-mitmproxy-9.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3602",
"url": "https://www.suse.com/security/cve/CVE-2022-3602"
},
{
"category": "external",
"summary": "SUSE Bug 1204714 for CVE-2022-3602",
"url": "https://bugzilla.suse.com/1204714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-mitmproxy-9.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python310-mitmproxy-9.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python310-mitmproxy-9.0.1-1.1.s390x",
"openSUSE Tumbleweed:python310-mitmproxy-9.0.1-1.1.x86_64",
"openSUSE Tumbleweed:python39-mitmproxy-9.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python39-mitmproxy-9.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python39-mitmproxy-9.0.1-1.1.s390x",
"openSUSE Tumbleweed:python39-mitmproxy-9.0.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-mitmproxy-9.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python310-mitmproxy-9.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python310-mitmproxy-9.0.1-1.1.s390x",
"openSUSE Tumbleweed:python310-mitmproxy-9.0.1-1.1.x86_64",
"openSUSE Tumbleweed:python39-mitmproxy-9.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python39-mitmproxy-9.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python39-mitmproxy-9.0.1-1.1.s390x",
"openSUSE Tumbleweed:python39-mitmproxy-9.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-3602"
}
]
}
OPENSUSE-SU-2025:14739-1
Vulnerability from csaf_opensuse - Published: 2025-02-06 00:00 - Updated: 2025-02-06 00:00
Summary
python311-cryptography-44.0.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: python311-cryptography-44.0.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the python311-cryptography-44.0.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-14739
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
4 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python311-cryptography-44.0.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python311-cryptography-44.0.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14739",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14739-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3602 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3786 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3786/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-23931 page",
"url": "https://www.suse.com/security/cve/CVE-2023-23931/"
}
],
"title": "python311-cryptography-44.0.0-1.1 on GA media",
"tracking": {
"current_release_date": "2025-02-06T00:00:00Z",
"generator": {
"date": "2025-02-06T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14739-1",
"initial_release_date": "2025-02-06T00:00:00Z",
"revision_history": [
{
"date": "2025-02-06T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-cryptography-44.0.0-1.1.aarch64",
"product": {
"name": "python311-cryptography-44.0.0-1.1.aarch64",
"product_id": "python311-cryptography-44.0.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-cryptography-44.0.0-1.1.aarch64",
"product": {
"name": "python312-cryptography-44.0.0-1.1.aarch64",
"product_id": "python312-cryptography-44.0.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-cryptography-44.0.0-1.1.aarch64",
"product": {
"name": "python313-cryptography-44.0.0-1.1.aarch64",
"product_id": "python313-cryptography-44.0.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-cryptography-44.0.0-1.1.ppc64le",
"product": {
"name": "python311-cryptography-44.0.0-1.1.ppc64le",
"product_id": "python311-cryptography-44.0.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-cryptography-44.0.0-1.1.ppc64le",
"product": {
"name": "python312-cryptography-44.0.0-1.1.ppc64le",
"product_id": "python312-cryptography-44.0.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-cryptography-44.0.0-1.1.ppc64le",
"product": {
"name": "python313-cryptography-44.0.0-1.1.ppc64le",
"product_id": "python313-cryptography-44.0.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-cryptography-44.0.0-1.1.s390x",
"product": {
"name": "python311-cryptography-44.0.0-1.1.s390x",
"product_id": "python311-cryptography-44.0.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-cryptography-44.0.0-1.1.s390x",
"product": {
"name": "python312-cryptography-44.0.0-1.1.s390x",
"product_id": "python312-cryptography-44.0.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-cryptography-44.0.0-1.1.s390x",
"product": {
"name": "python313-cryptography-44.0.0-1.1.s390x",
"product_id": "python313-cryptography-44.0.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-cryptography-44.0.0-1.1.x86_64",
"product": {
"name": "python311-cryptography-44.0.0-1.1.x86_64",
"product_id": "python311-cryptography-44.0.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-cryptography-44.0.0-1.1.x86_64",
"product": {
"name": "python312-cryptography-44.0.0-1.1.x86_64",
"product_id": "python312-cryptography-44.0.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-cryptography-44.0.0-1.1.x86_64",
"product": {
"name": "python313-cryptography-44.0.0-1.1.x86_64",
"product_id": "python313-cryptography-44.0.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-cryptography-44.0.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64"
},
"product_reference": "python311-cryptography-44.0.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-cryptography-44.0.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le"
},
"product_reference": "python311-cryptography-44.0.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-cryptography-44.0.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x"
},
"product_reference": "python311-cryptography-44.0.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-cryptography-44.0.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64"
},
"product_reference": "python311-cryptography-44.0.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-cryptography-44.0.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64"
},
"product_reference": "python312-cryptography-44.0.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-cryptography-44.0.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le"
},
"product_reference": "python312-cryptography-44.0.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-cryptography-44.0.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x"
},
"product_reference": "python312-cryptography-44.0.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-cryptography-44.0.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64"
},
"product_reference": "python312-cryptography-44.0.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-cryptography-44.0.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64"
},
"product_reference": "python313-cryptography-44.0.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-cryptography-44.0.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le"
},
"product_reference": "python313-cryptography-44.0.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-cryptography-44.0.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x"
},
"product_reference": "python313-cryptography-44.0.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-cryptography-44.0.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64"
},
"product_reference": "python313-cryptography-44.0.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3602"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3602",
"url": "https://www.suse.com/security/cve/CVE-2022-3602"
},
{
"category": "external",
"summary": "SUSE Bug 1204714 for CVE-2022-3602",
"url": "https://bugzilla.suse.com/1204714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-3602"
},
{
"cve": "CVE-2022-3786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3786"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.\u0027 character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3786",
"url": "https://www.suse.com/security/cve/CVE-2022-3786"
},
{
"category": "external",
"summary": "SUSE Bug 1204714 for CVE-2022-3786",
"url": "https://bugzilla.suse.com/1204714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-3786"
},
{
"cve": "CVE-2023-23931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-23931"
}
],
"notes": [
{
"category": "general",
"text": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-23931",
"url": "https://www.suse.com/security/cve/CVE-2023-23931"
},
{
"category": "external",
"summary": "SUSE Bug 1208036 for CVE-2023-23931",
"url": "https://bugzilla.suse.com/1208036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-44.0.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-23931"
}
]
}
OPENSUSE-SU-2025:14740-1
Vulnerability from csaf_opensuse - Published: 2025-02-06 00:00 - Updated: 2025-02-06 00:00
Summary
python311-cryptography-vectors-44.0.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: python311-cryptography-vectors-44.0.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the python311-cryptography-vectors-44.0.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-14740
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.aarch64 | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.ppc64le | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.s390x | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.x86_64 | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.aarch64 | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.ppc64le | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.s390x | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.x86_64 | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.aarch64 | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.ppc64le | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.s390x | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.x86_64 | — | Vendor Fix |
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.aarch64 | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.ppc64le | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.s390x | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.x86_64 | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.aarch64 | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.ppc64le | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.s390x | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.x86_64 | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.aarch64 | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.ppc64le | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.s390x | — | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.x86_64 | — | Vendor Fix |
Threats
Impact
important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python311-cryptography-vectors-44.0.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python311-cryptography-vectors-44.0.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14740",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14740-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14740-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BYRT4L3ZDCZCJBPH7KDKJTBG4Z4CVCQS/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14740-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BYRT4L3ZDCZCJBPH7KDKJTBG4Z4CVCQS/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3602 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3786 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3786/"
}
],
"title": "python311-cryptography-vectors-44.0.0-1.1 on GA media",
"tracking": {
"current_release_date": "2025-02-06T00:00:00Z",
"generator": {
"date": "2025-02-06T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14740-1",
"initial_release_date": "2025-02-06T00:00:00Z",
"revision_history": [
{
"date": "2025-02-06T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-cryptography-vectors-44.0.0-1.1.aarch64",
"product": {
"name": "python311-cryptography-vectors-44.0.0-1.1.aarch64",
"product_id": "python311-cryptography-vectors-44.0.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-cryptography-vectors-44.0.0-1.1.aarch64",
"product": {
"name": "python312-cryptography-vectors-44.0.0-1.1.aarch64",
"product_id": "python312-cryptography-vectors-44.0.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-cryptography-vectors-44.0.0-1.1.aarch64",
"product": {
"name": "python313-cryptography-vectors-44.0.0-1.1.aarch64",
"product_id": "python313-cryptography-vectors-44.0.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-cryptography-vectors-44.0.0-1.1.ppc64le",
"product": {
"name": "python311-cryptography-vectors-44.0.0-1.1.ppc64le",
"product_id": "python311-cryptography-vectors-44.0.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-cryptography-vectors-44.0.0-1.1.ppc64le",
"product": {
"name": "python312-cryptography-vectors-44.0.0-1.1.ppc64le",
"product_id": "python312-cryptography-vectors-44.0.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-cryptography-vectors-44.0.0-1.1.ppc64le",
"product": {
"name": "python313-cryptography-vectors-44.0.0-1.1.ppc64le",
"product_id": "python313-cryptography-vectors-44.0.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-cryptography-vectors-44.0.0-1.1.s390x",
"product": {
"name": "python311-cryptography-vectors-44.0.0-1.1.s390x",
"product_id": "python311-cryptography-vectors-44.0.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-cryptography-vectors-44.0.0-1.1.s390x",
"product": {
"name": "python312-cryptography-vectors-44.0.0-1.1.s390x",
"product_id": "python312-cryptography-vectors-44.0.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-cryptography-vectors-44.0.0-1.1.s390x",
"product": {
"name": "python313-cryptography-vectors-44.0.0-1.1.s390x",
"product_id": "python313-cryptography-vectors-44.0.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-cryptography-vectors-44.0.0-1.1.x86_64",
"product": {
"name": "python311-cryptography-vectors-44.0.0-1.1.x86_64",
"product_id": "python311-cryptography-vectors-44.0.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-cryptography-vectors-44.0.0-1.1.x86_64",
"product": {
"name": "python312-cryptography-vectors-44.0.0-1.1.x86_64",
"product_id": "python312-cryptography-vectors-44.0.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-cryptography-vectors-44.0.0-1.1.x86_64",
"product": {
"name": "python313-cryptography-vectors-44.0.0-1.1.x86_64",
"product_id": "python313-cryptography-vectors-44.0.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-cryptography-vectors-44.0.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.aarch64"
},
"product_reference": "python311-cryptography-vectors-44.0.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-cryptography-vectors-44.0.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.ppc64le"
},
"product_reference": "python311-cryptography-vectors-44.0.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-cryptography-vectors-44.0.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.s390x"
},
"product_reference": "python311-cryptography-vectors-44.0.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-cryptography-vectors-44.0.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.x86_64"
},
"product_reference": "python311-cryptography-vectors-44.0.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-cryptography-vectors-44.0.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.aarch64"
},
"product_reference": "python312-cryptography-vectors-44.0.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-cryptography-vectors-44.0.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.ppc64le"
},
"product_reference": "python312-cryptography-vectors-44.0.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-cryptography-vectors-44.0.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.s390x"
},
"product_reference": "python312-cryptography-vectors-44.0.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-cryptography-vectors-44.0.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.x86_64"
},
"product_reference": "python312-cryptography-vectors-44.0.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-cryptography-vectors-44.0.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.aarch64"
},
"product_reference": "python313-cryptography-vectors-44.0.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-cryptography-vectors-44.0.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.ppc64le"
},
"product_reference": "python313-cryptography-vectors-44.0.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-cryptography-vectors-44.0.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.s390x"
},
"product_reference": "python313-cryptography-vectors-44.0.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-cryptography-vectors-44.0.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.x86_64"
},
"product_reference": "python313-cryptography-vectors-44.0.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3602"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3602",
"url": "https://www.suse.com/security/cve/CVE-2022-3602"
},
{
"category": "external",
"summary": "SUSE Bug 1204714 for CVE-2022-3602",
"url": "https://bugzilla.suse.com/1204714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-3602"
},
{
"cve": "CVE-2022-3786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3786"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.\u0027 character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3786",
"url": "https://www.suse.com/security/cve/CVE-2022-3786"
},
{
"category": "external",
"summary": "SUSE Bug 1204714 for CVE-2022-3786",
"url": "https://bugzilla.suse.com/1204714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-cryptography-vectors-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python312-cryptography-vectors-44.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-cryptography-vectors-44.0.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-3786"
}
]
}
OPENSUSE-SU-2025:14762-1
Vulnerability from csaf_opensuse - Published: 2025-02-10 00:00 - Updated: 2025-02-10 00:00
Summary
python312-mitmproxy-11.1.2-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: python312-mitmproxy-11.1.2-1.1 on GA media
Description of the patch: These are all security issues fixed in the python312-mitmproxy-11.1.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-14762
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
critical
8.1 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python312-mitmproxy-11.1.2-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python312-mitmproxy-11.1.2-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14762",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14762-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24766 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3602 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23217 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23217/"
}
],
"title": "python312-mitmproxy-11.1.2-1.1 on GA media",
"tracking": {
"current_release_date": "2025-02-10T00:00:00Z",
"generator": {
"date": "2025-02-10T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14762-1",
"initial_release_date": "2025-02-10T00:00:00Z",
"revision_history": [
{
"date": "2025-02-10T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python312-mitmproxy-11.1.2-1.1.aarch64",
"product": {
"name": "python312-mitmproxy-11.1.2-1.1.aarch64",
"product_id": "python312-mitmproxy-11.1.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-mitmproxy-11.1.2-1.1.aarch64",
"product": {
"name": "python313-mitmproxy-11.1.2-1.1.aarch64",
"product_id": "python313-mitmproxy-11.1.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python312-mitmproxy-11.1.2-1.1.ppc64le",
"product": {
"name": "python312-mitmproxy-11.1.2-1.1.ppc64le",
"product_id": "python312-mitmproxy-11.1.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-mitmproxy-11.1.2-1.1.ppc64le",
"product": {
"name": "python313-mitmproxy-11.1.2-1.1.ppc64le",
"product_id": "python313-mitmproxy-11.1.2-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python312-mitmproxy-11.1.2-1.1.s390x",
"product": {
"name": "python312-mitmproxy-11.1.2-1.1.s390x",
"product_id": "python312-mitmproxy-11.1.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-mitmproxy-11.1.2-1.1.s390x",
"product": {
"name": "python313-mitmproxy-11.1.2-1.1.s390x",
"product_id": "python313-mitmproxy-11.1.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python312-mitmproxy-11.1.2-1.1.x86_64",
"product": {
"name": "python312-mitmproxy-11.1.2-1.1.x86_64",
"product_id": "python312-mitmproxy-11.1.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-mitmproxy-11.1.2-1.1.x86_64",
"product": {
"name": "python313-mitmproxy-11.1.2-1.1.x86_64",
"product_id": "python313-mitmproxy-11.1.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-mitmproxy-11.1.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.aarch64"
},
"product_reference": "python312-mitmproxy-11.1.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-mitmproxy-11.1.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.ppc64le"
},
"product_reference": "python312-mitmproxy-11.1.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-mitmproxy-11.1.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.s390x"
},
"product_reference": "python312-mitmproxy-11.1.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-mitmproxy-11.1.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.x86_64"
},
"product_reference": "python312-mitmproxy-11.1.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-mitmproxy-11.1.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.aarch64"
},
"product_reference": "python313-mitmproxy-11.1.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-mitmproxy-11.1.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.ppc64le"
},
"product_reference": "python313-mitmproxy-11.1.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-mitmproxy-11.1.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.s390x"
},
"product_reference": "python313-mitmproxy-11.1.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-mitmproxy-11.1.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.x86_64"
},
"product_reference": "python313-mitmproxy-11.1.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24766"
}
],
"notes": [
{
"category": "general",
"text": "mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response\u0027s HTTP message body. While mitmproxy would only see one request, the target server would see multiple requests. A smuggled request is still captured as part of another request\u0027s body, but it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless mitmproxy is used to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 8.0.0 and above. There are currently no known workarounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.aarch64",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.ppc64le",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.s390x",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.x86_64",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.aarch64",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.ppc64le",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.s390x",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24766",
"url": "https://www.suse.com/security/cve/CVE-2022-24766"
},
{
"category": "external",
"summary": "SUSE Bug 1197381 for CVE-2022-24766",
"url": "https://bugzilla.suse.com/1197381"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.aarch64",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.ppc64le",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.s390x",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.x86_64",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.aarch64",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.ppc64le",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.s390x",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.aarch64",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.ppc64le",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.s390x",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.x86_64",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.aarch64",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.ppc64le",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.s390x",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-10T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2022-24766"
},
{
"cve": "CVE-2022-3602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3602"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.aarch64",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.ppc64le",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.s390x",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.x86_64",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.aarch64",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.ppc64le",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.s390x",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3602",
"url": "https://www.suse.com/security/cve/CVE-2022-3602"
},
{
"category": "external",
"summary": "SUSE Bug 1204714 for CVE-2022-3602",
"url": "https://bugzilla.suse.com/1204714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.aarch64",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.ppc64le",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.s390x",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.x86_64",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.aarch64",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.ppc64le",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.s390x",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.aarch64",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.ppc64le",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.s390x",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.x86_64",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.aarch64",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.ppc64le",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.s390x",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-10T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-3602"
},
{
"cve": "CVE-2025-23217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23217"
}
],
"notes": [
{
"category": "general",
"text": "mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb\u0027s proxy server (bound to `*:8080` by default) to access mitmweb\u0027s internal API (bound to `127.0.0.1:8081` by default). In other words, while the cannot access the API directly, they can access the API through the proxy. An attacker may be able to escalate this SSRF-style access to remote code execution. The mitmproxy and mitmdump tools are unaffected. Only mitmweb is affected. This vulnerability has been fixed in mitmproxy 11.1.2 and above. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.aarch64",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.ppc64le",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.s390x",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.x86_64",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.aarch64",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.ppc64le",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.s390x",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23217",
"url": "https://www.suse.com/security/cve/CVE-2025-23217"
},
{
"category": "external",
"summary": "SUSE Bug 1236890 for CVE-2025-23217",
"url": "https://bugzilla.suse.com/1236890"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.aarch64",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.ppc64le",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.s390x",
"openSUSE Tumbleweed:python312-mitmproxy-11.1.2-1.1.x86_64",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.aarch64",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.ppc64le",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.s390x",
"openSUSE Tumbleweed:python313-mitmproxy-11.1.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-10T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-23217"
}
]
}
RHSA-2022:7288
Vulnerability from csaf_redhat - Published: 2022-11-01 18:40 - Updated: 2026-04-14 10:04
Summary
Red Hat Security Advisory: openssl security update
Severity
Important
Notes
Topic: An update for openssl is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full strength general purpose cryptography library.
Security Fix(es):
* OpenSSL: X.509 Email Address Buffer Overflow (CVE-2022-3602)
* OpenSSL: X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A stack-based buffer overflow was found in the way OpenSSL processes X.509 certificates with a specially crafted email address field. This issue could cause a server or a client application compiled with OpenSSL to crash when trying to process the malicious certificate.
7.5 (High)
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.i686 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.i686 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.i686 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.i686 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.src | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.i686 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.i686 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.i686 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.i686 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
Threats
Impact
Important
A stack-based buffer overflow was found in the way OpenSSL processes X.509 certificates with a specially crafted email address field. This issue could cause a server or a client application compiled with OpenSSL to crash or possibly execute remote code when trying to process the malicious certificate.
7.5 (High)
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.i686 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.i686 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.i686 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.i686 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.src | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.i686 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.i686 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.i686 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.i686 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.x86_64 | — | | Vendor Fix |
Threats
Impact
Important
References
17 references
Acknowledgments
Polar Bear
the OpenSSL project
Polar Bear
OpenSSL project
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full strength general purpose cryptography library.\n\nSecurity Fix(es):\n\n* OpenSSL: X.509 Email Address Buffer Overflow (CVE-2022-3602)\n\n* OpenSSL: X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:7288",
"url": "https://access.redhat.com/errata/RHSA-2022:7288"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-004",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-004"
},
{
"category": "external",
"summary": "2137723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137723"
},
{
"category": "external",
"summary": "2139104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139104"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7288.json"
}
],
"title": "Red Hat Security Advisory: openssl security update",
"tracking": {
"current_release_date": "2026-04-14T10:04:58+00:00",
"generator": {
"date": "2026-04-14T10:04:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2022:7288",
"initial_release_date": "2022-11-01T18:40:16+00:00",
"revision_history": [
{
"date": "2022-11-01T18:40:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-01T18:40:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-14T10:04:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.0.1-43.el9_0.src",
"product": {
"name": "openssl-1:3.0.1-43.el9_0.src",
"product_id": "openssl-1:3.0.1-43.el9_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.0.1-43.el9_0?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.0.1-43.el9_0.aarch64",
"product": {
"name": "openssl-1:3.0.1-43.el9_0.aarch64",
"product_id": "openssl-1:3.0.1-43.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.0.1-43.el9_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.0.1-43.el9_0.aarch64",
"product": {
"name": "openssl-libs-1:3.0.1-43.el9_0.aarch64",
"product_id": "openssl-libs-1:3.0.1-43.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.0.1-43.el9_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.0.1-43.el9_0.aarch64",
"product": {
"name": "openssl-debugsource-1:3.0.1-43.el9_0.aarch64",
"product_id": "openssl-debugsource-1:3.0.1-43.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.0.1-43.el9_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.0.1-43.el9_0.aarch64",
"product": {
"name": "openssl-debuginfo-1:3.0.1-43.el9_0.aarch64",
"product_id": "openssl-debuginfo-1:3.0.1-43.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.0.1-43.el9_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64",
"product": {
"name": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64",
"product_id": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.1-43.el9_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:3.0.1-43.el9_0.aarch64",
"product": {
"name": "openssl-devel-1:3.0.1-43.el9_0.aarch64",
"product_id": "openssl-devel-1:3.0.1-43.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.0.1-43.el9_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.0.1-43.el9_0.aarch64",
"product": {
"name": "openssl-perl-1:3.0.1-43.el9_0.aarch64",
"product_id": "openssl-perl-1:3.0.1-43.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.0.1-43.el9_0?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.0.1-43.el9_0.ppc64le",
"product": {
"name": "openssl-1:3.0.1-43.el9_0.ppc64le",
"product_id": "openssl-1:3.0.1-43.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.0.1-43.el9_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.0.1-43.el9_0.ppc64le",
"product": {
"name": "openssl-libs-1:3.0.1-43.el9_0.ppc64le",
"product_id": "openssl-libs-1:3.0.1-43.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.0.1-43.el9_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.0.1-43.el9_0.ppc64le",
"product": {
"name": "openssl-debugsource-1:3.0.1-43.el9_0.ppc64le",
"product_id": "openssl-debugsource-1:3.0.1-43.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.0.1-43.el9_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"product": {
"name": "openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"product_id": "openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.0.1-43.el9_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"product": {
"name": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"product_id": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.1-43.el9_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:3.0.1-43.el9_0.ppc64le",
"product": {
"name": "openssl-devel-1:3.0.1-43.el9_0.ppc64le",
"product_id": "openssl-devel-1:3.0.1-43.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.0.1-43.el9_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.0.1-43.el9_0.ppc64le",
"product": {
"name": "openssl-perl-1:3.0.1-43.el9_0.ppc64le",
"product_id": "openssl-perl-1:3.0.1-43.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.0.1-43.el9_0?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.0.1-43.el9_0.x86_64",
"product": {
"name": "openssl-1:3.0.1-43.el9_0.x86_64",
"product_id": "openssl-1:3.0.1-43.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.0.1-43.el9_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.0.1-43.el9_0.x86_64",
"product": {
"name": "openssl-libs-1:3.0.1-43.el9_0.x86_64",
"product_id": "openssl-libs-1:3.0.1-43.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.0.1-43.el9_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.0.1-43.el9_0.x86_64",
"product": {
"name": "openssl-debugsource-1:3.0.1-43.el9_0.x86_64",
"product_id": "openssl-debugsource-1:3.0.1-43.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.0.1-43.el9_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.0.1-43.el9_0.x86_64",
"product": {
"name": "openssl-debuginfo-1:3.0.1-43.el9_0.x86_64",
"product_id": "openssl-debuginfo-1:3.0.1-43.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.0.1-43.el9_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64",
"product": {
"name": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64",
"product_id": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.1-43.el9_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:3.0.1-43.el9_0.x86_64",
"product": {
"name": "openssl-devel-1:3.0.1-43.el9_0.x86_64",
"product_id": "openssl-devel-1:3.0.1-43.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.0.1-43.el9_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.0.1-43.el9_0.x86_64",
"product": {
"name": "openssl-perl-1:3.0.1-43.el9_0.x86_64",
"product_id": "openssl-perl-1:3.0.1-43.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.0.1-43.el9_0?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-libs-1:3.0.1-43.el9_0.i686",
"product": {
"name": "openssl-libs-1:3.0.1-43.el9_0.i686",
"product_id": "openssl-libs-1:3.0.1-43.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.0.1-43.el9_0?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.0.1-43.el9_0.i686",
"product": {
"name": "openssl-debugsource-1:3.0.1-43.el9_0.i686",
"product_id": "openssl-debugsource-1:3.0.1-43.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.0.1-43.el9_0?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.0.1-43.el9_0.i686",
"product": {
"name": "openssl-debuginfo-1:3.0.1-43.el9_0.i686",
"product_id": "openssl-debuginfo-1:3.0.1-43.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.0.1-43.el9_0?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686",
"product": {
"name": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686",
"product_id": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.1-43.el9_0?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:3.0.1-43.el9_0.i686",
"product": {
"name": "openssl-devel-1:3.0.1-43.el9_0.i686",
"product_id": "openssl-devel-1:3.0.1-43.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.0.1-43.el9_0?arch=i686\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.0.1-43.el9_0.s390x",
"product": {
"name": "openssl-1:3.0.1-43.el9_0.s390x",
"product_id": "openssl-1:3.0.1-43.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.0.1-43.el9_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.0.1-43.el9_0.s390x",
"product": {
"name": "openssl-libs-1:3.0.1-43.el9_0.s390x",
"product_id": "openssl-libs-1:3.0.1-43.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.0.1-43.el9_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.0.1-43.el9_0.s390x",
"product": {
"name": "openssl-debugsource-1:3.0.1-43.el9_0.s390x",
"product_id": "openssl-debugsource-1:3.0.1-43.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.0.1-43.el9_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.0.1-43.el9_0.s390x",
"product": {
"name": "openssl-debuginfo-1:3.0.1-43.el9_0.s390x",
"product_id": "openssl-debuginfo-1:3.0.1-43.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.0.1-43.el9_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x",
"product": {
"name": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x",
"product_id": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.0.1-43.el9_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:3.0.1-43.el9_0.s390x",
"product": {
"name": "openssl-devel-1:3.0.1-43.el9_0.s390x",
"product_id": "openssl-devel-1:3.0.1-43.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.0.1-43.el9_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.0.1-43.el9_0.s390x",
"product": {
"name": "openssl-perl-1:3.0.1-43.el9_0.s390x",
"product_id": "openssl-perl-1:3.0.1-43.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.0.1-43.el9_0?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.1-43.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.aarch64"
},
"product_reference": "openssl-1:3.0.1-43.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.1-43.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.ppc64le"
},
"product_reference": "openssl-1:3.0.1-43.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.1-43.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.s390x"
},
"product_reference": "openssl-1:3.0.1-43.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.1-43.el9_0.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.src"
},
"product_reference": "openssl-1:3.0.1-43.el9_0.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.1-43.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.x86_64"
},
"product_reference": "openssl-1:3.0.1-43.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.1-43.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.0.1-43.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.1-43.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.i686"
},
"product_reference": "openssl-debuginfo-1:3.0.1-43.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.1-43.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.s390x"
},
"product_reference": "openssl-debuginfo-1:3.0.1-43.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.1-43.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.0.1-43.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.1-43.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.aarch64"
},
"product_reference": "openssl-debugsource-1:3.0.1-43.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.1-43.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.i686"
},
"product_reference": "openssl-debugsource-1:3.0.1-43.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.1-43.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.0.1-43.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.1-43.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.s390x"
},
"product_reference": "openssl-debugsource-1:3.0.1-43.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.1-43.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.x86_64"
},
"product_reference": "openssl-debugsource-1:3.0.1-43.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.1-43.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.aarch64"
},
"product_reference": "openssl-devel-1:3.0.1-43.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.1-43.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.i686"
},
"product_reference": "openssl-devel-1:3.0.1-43.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.1-43.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.ppc64le"
},
"product_reference": "openssl-devel-1:3.0.1-43.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.1-43.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.s390x"
},
"product_reference": "openssl-devel-1:3.0.1-43.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.1-43.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.x86_64"
},
"product_reference": "openssl-devel-1:3.0.1-43.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.1-43.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.aarch64"
},
"product_reference": "openssl-libs-1:3.0.1-43.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.1-43.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.i686"
},
"product_reference": "openssl-libs-1:3.0.1-43.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.1-43.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.ppc64le"
},
"product_reference": "openssl-libs-1:3.0.1-43.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.1-43.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.s390x"
},
"product_reference": "openssl-libs-1:3.0.1-43.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.1-43.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.x86_64"
},
"product_reference": "openssl-libs-1:3.0.1-43.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.1-43.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.aarch64"
},
"product_reference": "openssl-perl-1:3.0.1-43.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.1-43.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.ppc64le"
},
"product_reference": "openssl-perl-1:3.0.1-43.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.1-43.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.s390x"
},
"product_reference": "openssl-perl-1:3.0.1-43.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.1-43.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.x86_64"
},
"product_reference": "openssl-perl-1:3.0.1-43.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.1-43.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.aarch64"
},
"product_reference": "openssl-1:3.0.1-43.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.1-43.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.ppc64le"
},
"product_reference": "openssl-1:3.0.1-43.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.1-43.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.s390x"
},
"product_reference": "openssl-1:3.0.1-43.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.1-43.el9_0.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.src"
},
"product_reference": "openssl-1:3.0.1-43.el9_0.src",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.0.1-43.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.x86_64"
},
"product_reference": "openssl-1:3.0.1-43.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.1-43.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.0.1-43.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.1-43.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.i686"
},
"product_reference": "openssl-debuginfo-1:3.0.1-43.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.1-43.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.s390x"
},
"product_reference": "openssl-debuginfo-1:3.0.1-43.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.0.1-43.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.0.1-43.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.1-43.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.aarch64"
},
"product_reference": "openssl-debugsource-1:3.0.1-43.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.1-43.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.i686"
},
"product_reference": "openssl-debugsource-1:3.0.1-43.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.1-43.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.0.1-43.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.1-43.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.s390x"
},
"product_reference": "openssl-debugsource-1:3.0.1-43.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.0.1-43.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.x86_64"
},
"product_reference": "openssl-debugsource-1:3.0.1-43.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.1-43.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.aarch64"
},
"product_reference": "openssl-devel-1:3.0.1-43.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.1-43.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.i686"
},
"product_reference": "openssl-devel-1:3.0.1-43.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.1-43.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.ppc64le"
},
"product_reference": "openssl-devel-1:3.0.1-43.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.1-43.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.s390x"
},
"product_reference": "openssl-devel-1:3.0.1-43.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.0.1-43.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.x86_64"
},
"product_reference": "openssl-devel-1:3.0.1-43.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.1-43.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.aarch64"
},
"product_reference": "openssl-libs-1:3.0.1-43.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.1-43.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.i686"
},
"product_reference": "openssl-libs-1:3.0.1-43.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.1-43.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.ppc64le"
},
"product_reference": "openssl-libs-1:3.0.1-43.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.1-43.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.s390x"
},
"product_reference": "openssl-libs-1:3.0.1-43.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.0.1-43.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.x86_64"
},
"product_reference": "openssl-libs-1:3.0.1-43.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.1-43.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.aarch64"
},
"product_reference": "openssl-perl-1:3.0.1-43.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.1-43.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.ppc64le"
},
"product_reference": "openssl-perl-1:3.0.1-43.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.1-43.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.s390x"
},
"product_reference": "openssl-perl-1:3.0.1-43.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.0.1-43.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.x86_64"
},
"product_reference": "openssl-perl-1:3.0.1-43.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the OpenSSL project"
],
"organization": "Polar Bear",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-3602",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2022-10-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2137723"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow was found in the way OpenSSL processes X.509 certificates with a specially crafted email address field. This issue could cause a server or a client application compiled with OpenSSL to crash when trying to process the malicious certificate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenSSL: X.509 Email Address Buffer Overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "As per upstream, the most common situation where this can be triggered is when a server requests client authentication after a malicious client connects. A client connecting to a malicious server is also believed to be vulnerable in the same manner. Only OpenSSL versions 3.0.0 to 3.0.6 are vulnerable to this attack.\nThe OpenSSL binaries in Red Hat Enterprise Linux 9 are compiled with Stack Smashing Protection. Also during the build process, the compiler rearranges the variables in a way that the buffer overflow is only able to overwrite the stack canaries, limiting the maximum impact of this flaw to denial of service. Remote code execution may not be possible in such cases.\n\nRed Hat OpenStack Platform 17 does not ship OpenSSL and is not directly affected by the flaw. However, container images which the product ships are of RHEL 9 which were affected. RHOSP have fixed this by respinning container images through the following errata: https://access.redhat.com/errata/RHBA-2022:7429",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.src",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.src",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3602"
},
{
"category": "external",
"summary": "RHBZ#2137723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137723"
},
{
"category": "external",
"summary": "RHSB-2022-004",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3602"
},
{
"category": "external",
"summary": "https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/",
"url": "https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20221101.txt",
"url": "https://www.openssl.org/news/secadv/20221101.txt"
}
],
"release_date": "2022-11-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-01T18:40:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.",
"product_ids": [
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.src",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.src",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7288"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.src",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.src",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenSSL: X.509 Email Address Buffer Overflow"
},
{
"acknowledgments": [
{
"names": [
"OpenSSL project"
],
"organization": "Polar Bear",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-3786",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2022-11-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2139104"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow was found in the way OpenSSL processes X.509 certificates with a specially crafted email address field. This issue could cause a server or a client application compiled with OpenSSL to crash or possibly execute remote code when trying to process the malicious certificate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenSSL: X.509 Email Address Variable Length Buffer Overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "As per upstream, the most common situation where this can be triggered is when a server requests client authentication after a malicious client connects. A client connecting to a malicious server is also believed to be vulnerable in the same manner. Only OpenSSL versions 3.0.0 to 3.0.6 are vulnerable to this attack.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.src",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.src",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3786"
},
{
"category": "external",
"summary": "RHBZ#2139104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139104"
},
{
"category": "external",
"summary": "RHSB-2022-004",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3786"
},
{
"category": "external",
"summary": "https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/",
"url": "https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20221101.txt",
"url": "https://www.openssl.org/news/secadv/20221101.txt"
}
],
"release_date": "2022-11-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-01T18:40:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.",
"product_ids": [
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.src",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.src",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7288"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.src",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.aarch64",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.ppc64le",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.s390x",
"AppStream-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.src",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debuginfo-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-debugsource-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-devel-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.i686",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-libs-debuginfo-1:3.0.1-43.el9_0.x86_64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.aarch64",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.ppc64le",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.s390x",
"BaseOS-9.0.0.Z.MAIN.EUS:openssl-perl-1:3.0.1-43.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenSSL: X.509 Email Address Variable Length Buffer Overflow"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.