← Retour aux CVEs

CVE-2022-48437

MEDIUM

5.3

Description

An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate.

Details CVE

Score CVSS v3.15.3

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie4/12/2023

Derniere modification2/10/2025

Sourcenvd

Observations honeypot0

Produits affectes

openbsd:libresslopenbsd:openbsd

Faiblesses (CWE)

CWE-295CWE-295

References

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.1-relnotes.txt(cve@mitre.org)

https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/001_x509.patch.sig(cve@mitre.org)

https://github.com/openbsd/src/commit/4f94258c65a918ee3d8670e93916d15bf879e6ec(cve@mitre.org)

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.1-relnotes.txt(af854a3a-2127-422b-91ae-364da2661108)

https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/001_x509.patch.sig(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/openbsd/src/commit/4f94258c65a918ee3d8670e93916d15bf879e6ec(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.