FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- Buffer overflows in Email verification

Affected packages
		openssl-devel	<	3.0.7

Details

VuXML ID	0844671c-5a09-11ed-856e-d4c9ef517024
Discovery	2022-11-01
Entry	2022-11-01

The OpenSSL project reports:

X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602) (High): A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking.

X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) (High): A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking.

[source]

References

CVE Name	CVE-2022-3602
CVE Name	CVE-2022-3786
URL	https://www.openssl.org/news/secadv/20221101.txt