CVE-2022-3786: OpenSSL X.509 Email Address Variable Length Buffer Overflow
Overview
CVE: CVE-2022-3786
CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS v3.x: 7.5 - High
In this article we would like to inform you about the critical vulnerability in the widely used cryptography library OpenSSL and its use in Matrix42 products. OpenSSL is used to allow secure communication over the internet, which includes generating public/private keys and implementing the SSL and TLS protocols. This vulnerability (a buffer overflow in X.509 email address handling, see the title) affects all OpenSSL versions from 3.0.0 through 3.0.6. A fix is available in the current version 3.0.7. OpenSSL 1.1.1 and 1.0.2 are not affected.
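To turn the version range above into a repeatable check, the following Python helper classifies `openssl version` output against the advisory's ranges (3.0.0 through 3.0.6 affected, 3.0.7 fixed, 1.1.1 and 1.0.2 not affected). This is an added example, not Matrix42 or OpenSSL project code; the sample output lines are constructed, and the status labels are our own choice. It prefers the `(Library: ...)` part of the output when present, because the vulnerable code is in the shared library that applications actually link, not in the `openssl` binary.

```python
import re

# Version ranges taken from the advisory text above.
AFFECTED_MIN = (3, 0, 0)
AFFECTED_MAX = (3, 0, 6)
UNAFFECTED_BRANCHES = {(1, 1, 1), (1, 0, 2)}

# Matches e.g. "OpenSSL 3.0.5", "OpenSSL 1.1.1q" (trailing patch letter optional).
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(output: str):
    """Return (major, minor, patch, letter) parsed from `openssl version` output.

    If the output carries a "(Library: OpenSSL x.y.z ...)" suffix, that library
    version is used: a patched binary can still be linked against an old,
    vulnerable libcrypto/libssl, and the library is what matters here.
    """
    lib_match = re.search(r"Library:\s*" + _VERSION_RE.pattern, output)
    match = lib_match or _VERSION_RE.search(output)
    if not match:
        raise ValueError(f"no OpenSSL version found in: {output!r}")
    major, minor, patch, letter = match.groups()
    return (int(major), int(minor), int(patch), letter)


def cve_2022_3786_status(output: str) -> str:
    """Classify one `openssl version` line against the advisory's ranges."""
    major, minor, patch, _letter = parse_openssl_version(output)
    version = (major, minor, patch)
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    if version in UNAFFECTED_BRANCHES:
        return "not affected"
    if major == 3 and version > AFFECTED_MAX:
        return "fixed"
    # Other branches (e.g. 1.1.0) are simply outside what this advisory covers.
    return "not covered by this advisory"


def assess_hosts(outputs: dict) -> dict:
    """Map host name -> status for a batch of collected `openssl version` lines."""
    return {host: cve_2022_3786_status(line) for host, line in outputs.items()}


# Constructed sample output, as collected from a few hypothetical hosts.
SAMPLE_OUTPUT = {
    "web-1": "OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)",
    "web-2": "OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)",
    # Binary updated, library not: still vulnerable until the library is replaced.
    "web-3": "OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)",
    "legacy-1": "OpenSSL 1.1.1q  5 Jul 2022",
    "legacy-2": "OpenSSL 1.1.0l  10 Sep 2019",
}

if __name__ == "__main__":
    for host, status in assess_hosts(SAMPLE_OUTPUT).items():
        print(f"{host}: {status}")
```

Run it against real output from `openssl version` on each host; the "web-3" sample shows why the library version, not the binary's banner, decides the result.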
Matrix42 products affected by the OpenSSL vulnerability
OpenSSL is used only in the following products; all other Matrix42 products are not affected.
| Component | Matrix42 Risk evaluation | Required Actions/Recommendations | Note | Fixed Version | Mitigation |
|---|---|---|---|---|---|
| FireScope | Risk-free | None | Product not impacted | N/A | N/A |
| Empirum | Risk-free | None | Product not impacted | N/A | N/A |
| Silverback | Risk-free | None | Product not impacted | N/A | N/A |
Next Steps
Matrix42 will continue to provide updates as necessary in this document.
Updates
Update 1 (2022-11-08)
Empirum is not affected by this vulnerability.
Change log
| Date | Description of change |
|---|---|
| 2022-11-03 | Initial publication |
| 2022-11-08 | Update 1 - Empirum not affected |