Russian Vulnerability Scanner Database

Back to List

BDU:2022-06608

Scores

EPSS

0.000none0.0%
0%20%40%60%80%100%

Percentile: 0.0%

CVSS

9.8critical3.x
0246810

CVSS Score: 9.8/10

All CVSS Scores

CVSS 3.x
9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Description

Уязвимость функционала проверки сертификата X.509 библиотеки OpenSSL связана с переполнением буфера в стеке. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

bdu

Related Vulnerabilities

CVE-2022-3602

Exploits

Exploit ID: CVE-2022-3602

Source: github-poc

URL: https://github.com/cybersecurityworks553/CVE-2022-3602-and-CVE-2022-3786

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3602
https://www.openssl.org/news/secadv/20221101.txt
https://security-tracker.debian.org/tracker/CVE-2022-3602
https://www.suse.com/security/cve/CVE-2022-3602.html
https://access.redhat.com/security/cve/CVE-2022-3602
https://lists.fedoraproject.org/archives/list/package-announce
lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/
https://lists.fedoraproject.org/archives/list/package-announce
lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/
https://ubuntu.com/security/notices/USN-5710-1
http://www.openwall.com/lists/oss-security/2022/11/01/15
http://www.openwall.com/lists/oss-security/2022/11/01/16
http://www.openwall.com/lists/oss-security/2022/11/01/17
http://www.openwall.com/lists/oss-security/2022/11/01/18
http://www.openwall.com/lists/oss-security/2022/11/01/19
http://www.openwall.com/lists/oss-security/2022/11/01/20
http://www.openwall.com/lists/oss-security/2022/11/01/21
http://www.openwall.com/lists/oss-security/2022/11/01/24
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fe3b639dc19b325846f4f6801f2f4604f56e3de3

Recommendations

Source: bdu

Установка обновлений из доверенных источников.
В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков.

Компенсирующие меры:
- использование средств межсетевого экранирования с целью ограничения доступа к недоверенным ресурсам.

Использование рекомендаций производителя:
Для OpenSSL:
https://www.openssl.org/news/secadv/20221101.txt

Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2022-3602

Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2022-3602.html

Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2022-3602

Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/

Для Ubuntu:
https://ubuntu.com/security/notices/USN-5710-1

URL: https://bdu.fstec.ru/vul/2022-06608

Vulnerable Software (66)

Type: Configuration

Vendor: novell inc.

Product: suse linux enterprise high performance computing

Operating System: red hat enterprise linux 9

Trait: 
{  "version_exact": "15 SP4"}

Source: bdu

Type: Configuration

Vendor: novell inc.

Product: suse linux enterprise high performance computing

Operating System: fedora 37

Trait: 
{  "version_exact": "15 SP4"}

Source: bdu

Type: Configuration

Vendor: novell inc.

Product: suse linux enterprise high performance computing

Operating System: suse linux enterprise server 15 SP4

Trait: 
{  "version_exact": "15 SP4"}

Source: bdu

Type: Configuration

Vendor: novell inc.

Product: suse linux enterprise high performance computing

Operating System: suse linux enterprise desktop 15 SP4

Trait: 
{  "version_exact": "15 SP4"}

Source: bdu

Type: Configuration

Vendor: novell inc.

Product: suse linux enterprise high performance computing

Operating System: suse linux enterprise server for sap applications 15 SP4

Trait: 
{  "version_exact": "15 SP4"}

Source: bdu

Type: Configuration

Vendor: novell inc.

Product: suse linux enterprise high performance computing

Operating System: ubuntu 22.04 LTS

Trait: 
{  "version_exact": "15 SP4"}

Source: bdu

Type: Configuration

Vendor: novell inc.

Product: suse linux enterprise high performance computing

Operating System: ubuntu 22.10

Trait: 
{  "version_exact": "15 SP4"}

Source: bdu

Type: Configuration

Vendor: novell inc.

Product: suse linux enterprise high performance computing

Operating System: debian gnu/linux 10

Trait: 
{  "version_exact": "15 SP4"}

Source: bdu

Type: Configuration

Vendor: novell inc.

Product: suse linux enterprise high performance computing

Operating System: debian gnu/linux 11

Trait: 
{  "version_exact": "15 SP4"}

Source: bdu

Type: Configuration

Vendor: novell inc.

Product: suse linux enterprise high performance computing

Operating System: opensuse leap 15.4

Trait: 
{  "version_exact": "15 SP4"}

Source: bdu

Type: Configuration

Vendor: novell inc.

Product: suse linux enterprise high performance computing

Operating System: fedora 36

Trait: 
{  "version_exact": "15 SP4"}

Source: bdu

Type: Configuration

Vendor: novell inc.

Product: suse linux enterprise module for basesystem

Operating System: red hat enterprise linux 9

Trait: 
{  "version_exact": "15 SP4"}

Source: bdu

Type: Configuration

Vendor: novell inc.

Product: suse linux enterprise module for basesystem

Operating System: fedora 37

Trait: 
{  "version_exact": "15 SP4"}

Source: bdu

Type: Configuration

Vendor: novell inc.

Product: suse linux enterprise module for basesystem

Operating System: suse linux enterprise server 15 SP4

Trait: 
{  "version_exact": "15 SP4"}

Source: bdu

Type: Configuration

Vendor: novell inc.

Product: suse linux enterprise module for basesystem

Operating System: suse linux enterprise desktop 15 SP4

Trait: 
{  "version_exact": "15 SP4"}

Source: bdu

Type: Configuration

Vendor: novell inc.

Product: suse linux enterprise module for basesystem

Operating System: suse linux enterprise server for sap applications 15 SP4

Trait: 
{  "version_exact": "15 SP4"}

Source: bdu

Type: Configuration

Vendor: novell inc.

Product: suse linux enterprise module for basesystem

Operating System: ubuntu 22.04 LTS

Trait: 
{  "version_exact": "15 SP4"}

Source: bdu

Type: Configuration

Vendor: novell inc.

Product: suse linux enterprise module for basesystem

Operating System: ubuntu 22.10

Trait: 
{  "version_exact": "15 SP4"}

Source: bdu

Type: Configuration

Vendor: novell inc.

Product: suse linux enterprise module for basesystem

Operating System: debian gnu/linux 11

Trait: 
{  "version_exact": "15 SP4"}

Source: bdu

Type: Configuration

Vendor: novell inc.

Product: suse linux enterprise module for basesystem

Operating System: fedora 36

Trait: 
{  "version_exact": "15 SP4"}

Source: bdu