What is CVE-2022-3786?

CVE-2022-3786 is a vulnerability in Openssl. Published 2022-11-01.

Is CVE-2022-3786 known to be exploited?

45 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Openssl

CVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certifi…

EPSS: 0.912 (99.8th percentile) — read the EPSS interpretation.

Affected products

Openssl — versions 3.0.0

Public proof-of-concept exploits

WhatTheFuzz/openssl-fuzz
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
CVEDB/PoC-List
CVEDB/awesome-cve-repo
CVEDB/top
GhostTroops/TOP
IT-Relation-CDC/OpenSSL3.x-Scanner_
MrE-Fog/OpenSSL-2022
NCSC-NL/OpenSSL-2022

References

OpenSSL Advisory (vendor-advisory)
3.0.7 git commit (patch)

Frequently asked questions

What is CVE-2022-3786?: CVE-2022-3786 is a vulnerability in Openssl. Published 2022-11-01.
Is CVE-2022-3786 known to be exploited?: 45 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.