Impact
A buffer overrun exists in OpenSSL, which can be triggered during X.509 certificate verification, specifically in name constraint checking. This occurs after certificate chain signature verification and requires either a Certificate Authority to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted Issuer.
When running scope against a client application, this can be triggered by connecting to a malicious server. When running scope against a server or application accepting inbound connections using TLS, this can be triggered if the server or application requests client authentication and a malicious client connects.
Patches
AppScope 1.2.2 and above
Workarounds
There are no effective workarounds beyond upgrading.
References
#1182
CVE-2022-3602
For More Information
If you have any questions or comments about this advisory, please email us at security@cribl.io to reach our product security group.
Impact
A buffer overrun exists in OpenSSL, which can be triggered during X.509 certificate verification, specifically in name constraint checking. This occurs after certificate chain signature verification and requires either a Certificate Authority to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted Issuer.
When running
scopeagainst a client application, this can be triggered by connecting to a malicious server. When runningscopeagainst a server or application accepting inbound connections using TLS, this can be triggered if the server or application requests client authentication and a malicious client connects.Patches
AppScope 1.2.2 and above
Workarounds
There are no effective workarounds beyond upgrading.
References
#1182
CVE-2022-3602
For More Information
If you have any questions or comments about this advisory, please email us at security@cribl.io to reach our product security group.