CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows

Ramon · November 4, 2022, 9:33pm

Is OpenWrt 22.03.2 (and other versions) vulnerable for CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows?
https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/

Thx Ramon

frollic · November 4, 2022, 9:39pm

Ramon · November 4, 2022, 9:49pm

ok i didnt see that one. So if its not using it by default then that should be good. Would still be good to fix though.

Thx

daniel · November 4, 2022, 10:27pm

Note that this vulnerability was present in the OpenSSL 3.0.x release series while OpenWrt packages OpenSSL 1.1.1 which was not affected.

system · November 14, 2022, 10:28pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.