Home > Vulnerability Database > CVE-2022-3996

Mend.io Vulnerability Database

CVE-2022-3996

Good to know:

Date: December 13, 2022

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.

Language: RUST

Severity Score

7.5

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-3996

Url: https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7

Url: https://github.com/alexcrichton/openssl-src-rs

Url: https://www.openssl.org/news/secadv/20221213.txt

Url: https://www.mend.io/vulnerability-database/CVE-2022-3996

Severity Score

7.5

Weakness Type (CWE)

Improper Locking

CWE-667

Top Fix

Upgrade Version

Upgrade to version openssl-3.0.8

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-3996

Good to know:

Date: December 13, 2022

Language: RUST

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?