// For flags

CVE-2022-3996

X.509 Policy Constraints Double Locking

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

If an X.509 certificate contains a malformed policy constraint and
policy processing is enabled, then a write lock will be taken twice
recursively. On some operating systems (most widely: Windows) this
results in a denial of service when the affected process hangs. Policy
processing being enabled on a publicly facing server is not considered
to be a common setup.

Policy processing is enabled by passing the `-policy'
argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.

Update (31 March 2023): The description of the policy processing enablement
was corrected based on CVE-2023-0466.

Si un certificado X.509 contiene una restricción de política con formato incorrecto y el procesamiento de políticas está habilitado, se aplicará un bloqueo de escritura dos veces de forma recursiva. En algunos sistemas operativos (más ampliamente: Windows), esto resulta en una Denegación de Servicio (DoS) cuando el proceso afectado se bloquea. La habilitación del procesamiento de políticas en un servidor público no se considera una configuración común. El procesamiento de políticas se habilita pasando el argumento `-policy' a las utilidades de línea de comando o llamando a la función `X509_VERIFY_PARAM_set1_policies()'. Actualización (31 de marzo de 2023): la descripción de la habilitación del procesamiento de políticas se corrigió según CVE-2023-0466.

*Credits: Polar Bear, Paul Dale
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2022-11-15 CVE Reserved
  • 2022-12-13 CVE Published
  • 2024-07-05 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-667: Improper Locking
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openssl
Search vendor "Openssl"
Openssl
Search vendor "Openssl" for product "Openssl"
>= 3.0.0 <= 3.0.7
Search vendor "Openssl" for product "Openssl" and version " >= 3.0.0 <= 3.0.7"
-
Affected