You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
could you, please provide me with information whether nmap is affected by those vulnerabilities ?
The text was updated successfully, but these errors were encountered:
Nmap is not affected by these vulnerabilities because Nmap does not perform certificate validation. Ncat, when the --ssl-verify option is used, may be vulnerable.
Just to add one more thing...even though Nmap itself isn't vulnerable, we'll be updating to the patched OpenSSL in the next release. We understand that nobody wants these "vulnerable" OpenSSL DLL's on their system even if they can't technically be exploited. They can still lead to alerts from vulnerability scanners, etc. Thanks @miloslav-zadrazil-solarwinds for the report, and of course @dmiller-nmap for researching the CVE's so quickly.
Describe the bug
Vulnerability scans on nmap release shows high severity issue of OpenSSL 3.0.5 version
could you, please provide me with information whether nmap is affected by those vulnerabilities ?
The text was updated successfully, but these errors were encountered: