CGA-625w-vrp6-h2jj

Published

Last updated

https://images.chainguard.dev/security/CGA-625w-vrp6-h2jj
Package

openssl

Latest Update
Fixed
Fixed Version

3.0.7-r1

Aliases
  • CVE-2022-3996
  • GHSA-vr8j-hgmm-jh9r

Severity

7.5

High

CVSS V3

Summary

Denial of service by double-checked locking in openssl-src

Description

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the `-policy` argument to the command line utilities or by calling either the `X509_VERIFY_PARAM_add0_policy()` or `X509_VERIFY_PARAM_set1_policies()` functions.
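To judge exposure, look for the three triggers named above in your own sources and scripts. The following is an added example, not part of the advisory or of OpenSSL: a lexical scan whose function name, file names and sample inputs are constructed for illustration.

```python
import re

# The two API calls the advisory names as enabling policy processing.
API_CALL = re.compile(
    r"\b(X509_VERIFY_PARAM_add0_policy|X509_VERIFY_PARAM_set1_policies)\s*\(")
# An openssl command line: subcommand, then a standalone -policy argument.
CLI_POLICY = re.compile(r"\bopenssl\s+(\w+)\b[^\n|;&]*?\s-policy(?=\s|$)")


def find_policy_enablers(name, text):
    """Return (file, line number, trigger) for each line that enables
    certificate policy processing. Lexical only: comments are not skipped."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = API_CALL.search(line)
        if m:
            hits.append((name, lineno, m.group(1)))
            continue
        m = CLI_POLICY.search(line)
        # `openssl ca -policy` selects a CA configuration section, not
        # verify-time policy processing, so it is not reported.
        if m and m.group(1) != "ca":
            hits.append((name, lineno, "openssl %s -policy" % m.group(1)))
    return hits


# Constructed sample inputs (hypothetical application code and script).
SAMPLE_C = """X509_VERIFY_PARAM *vpm = SSL_CTX_get0_param(ctx);
ASN1_OBJECT *oid = OBJ_txt2obj("1.3.6.1.4.1.99999.1", 1);
X509_VERIFY_PARAM_add0_policy(vpm, oid);
X509_VERIFY_PARAM_set_depth(vpm, 4);
"""
SAMPLE_SH = """openssl verify -CAfile ca.pem -policy 1.3.6.1.4.1.99999.1 leaf.pem
openssl ca -policy policy_anything -in req.csr -out leaf.pem
openssl ts -reply -queryfile q.tsq -tspolicy tsa_policy1
"""

if __name__ == "__main__":
    for hit in (find_policy_enablers("tls.c", SAMPLE_C)
                + find_policy_enablers("check.sh", SAMPLE_SH)):
        print("%s:%d: %s" % hit)
```

A hit means that code path verifies certificates with policy processing on, so it should run against the fixed package version listed above.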
