CVE-2022-3786: OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun

Overview

Severity
N/A
Exploit Status
Not Exploited
Exploitation Likelihood
More Likely
Patch Tuesday
2022-Nov
Released
2022-11-02
EPSS Score
20.63% (percentile: 95.6%)

FAQ

Why is this OpenSSL Software Foundation CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in OpenSSL software, which is consumed by the Microsoft products that are listed in the Security Updates table and are known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

Where can I find further guidance for this OpenSSL vulnerability?

For more information and guidance, see Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602).

Detection & Weaponization (1 source)

Maturity: Exploit

  • GitHub PoC: 1 repository

Affected Products (3)

Azure

  • Microsoft Azure Kubernetes Service
  • Azure SDK for C++

Open Source Software

  • vcpkg

Security Updates (2)

Revision History

  • 2022-11-02: Information published.