CVE-2022-3602: OpenSSL X.509 Email Address 4-byte Buffer Overflow
Table of Contents
Overview
| CVE | CVE-2022-3602 |
| CWE | CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| CVSS v3.x | 9.8 - Critical |
In this article we would like to inform you about the critical vulnerability in the widely used cryptography library OpenSSL and its use in Matrix42 products. OpenSSL is used to allow secure communication over the internet, which includes generating public/private keys and use of SSL and TLS protocols. This vulnerability affects all OpenSSL versions between 3.0.0 and 3.0.6. A fix is available for the current version 3.0.7. OpenSSL 1.1.1 and 1.0.2 are not affected.
Matrix42 products affected by the OpenSSL vulnerability
OpenSSL is only used in the following products and all other Matrix42 products are not affected.
| Component | Matrix42 Risk evaluation | Required Actions/Recommendations | Note | Fixed Version | Mitigation |
|---|---|---|---|---|---|
| FireScope | Risk-free | None | Product not impacted | N/A | N/A |
| Empirum | Risk-free | None | Product not impacted | N/A | N/A |
| Silverback | Risk-free | None | Product not impacted | N/A | N/A |
Next Steps
Matrix42 will continue to provide updates as necessary in this document.
Updates
Update 1 (2022-11-08)
Empirum is not affected by this vulnerability.
Change log
| Date | Description of change |
|---|---|
| 2022-11-03 | Initial publication |
| 2022-11-08 | Update 1 - Empirum not affected |