FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- Buffer overflows in Email verification

Affected packages
openssl-devel < 3.0.7

Details

VuXML ID 0844671c-5a09-11ed-856e-d4c9ef517024
Discovery 2022-11-01
Entry 2022-11-01

The OpenSSL project reports:

X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602) (High): A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking.

X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) (High): A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking.

References

CVE Name CVE-2022-3602
CVE Name CVE-2022-3786
URL https://www.openssl.org/news/secadv/20221101.txt