{"id":15968,"date":"2022-11-02T07:38:28","date_gmt":"2022-11-02T11:38:28","guid":{"rendered":"https:\/\/newsite.inuvika.com\/?p=15968"},"modified":"2023-01-20T10:00:45","modified_gmt":"2023-01-20T14:00:45","slug":"cvd-2022-3602-openssl-schwachstelle","status":"publish","type":"post","link":"https:\/\/www.inuvika.com\/de\/cvd-2022-3602-openssl-vulnerability\/","title":{"rendered":"Advisory: CVE-2022-3786 and CVE-2022-3602: X.509 OpenSSL Email Address Buffer Overflows"},"content":{"rendered":"<p>Inuvika Update Regarding CVE-2022-3786 and CVE-2022-3602: X.509 (OpenSSL Email Address Buffer Overflows)<\/p>\n<h2>Overview<\/h2>\n<p>Affected versions of the OpenSSL package are vulnerable to a buffer overflow. A buffer overrun can be triggered during X.509 certificate verification, specifically during name constraint checking. Note that this occurs after the signature of the certificate chain has been verified, and requires either that a certificate authority has signed the malicious certificate or that the application continues certificate verification even though no path to a trusted issuer can be built. An attacker can craft a malicious email address so that four attacker-controlled bytes overflow on the stack. 
This buffer overflow can lead to a crash (and therefore a denial of service) or potentially to remote code execution.<\/p>\n<p><em>In a TLS client, this can be triggered by connecting to a malicious server.<\/em><\/p>\n<p><em>In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.<\/em><\/p>\n<p>Note: The pre-announcements of CVE-2022-3602 rated this issue as CRITICAL. Further analysis, based on some of the mitigating factors described above, led to this issue being downgraded to HIGH. Users are still advised to upgrade to a new version as soon as possible.<\/p>\n<h2>Impact on OVD Enterprise<\/h2>\n<p>The identified issues do not directly affect the OVD Enterprise service components. 
However, customers are advised to check the version of OpenSSL installed on their Linux servers with the following command (shown with sample output):<\/p>\n<p><strong>% openssl version<\/strong><br \/>\n<strong>OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)<\/strong><\/p>\n<p>This vulnerability affects only OpenSSL 3.0.x, not 1.1.1.<\/p>\n<p>Inuvika continues to review the situation and will inform its customers of any direct impact on Inuvika products and services.<\/p>\n<h2>Current Recommendation for OVD Enterprise Customers<\/h2>\n<p>Inuvika recommends that its customers follow IT best practices and apply vendor-recommended maintenance updates as soon as they are released.<\/p>\n<p>Customers running an affected OpenSSL 3.0.x version are advised to upgrade to OpenSSL 3.0.7 as soon as possible.<\/p>\n<p>After applying a patch, verify that the component works as expected.<\/p>\n<h2>Resources<\/h2>\n<p>OpenSSL released version 3.0.7 on 
November 1, 2022: <a href=\"https:\/\/www.openssl.org\/blog\/blog\/2022\/11\/01\/email-address-overflows\/\">https:\/\/www.openssl.org\/blog\/blog\/2022\/11\/01\/email-address-overflows\/<\/a><\/p>\n<p>SANS Internet Storm Center: <a href=\"https:\/\/isc.sans.edu\/forums\/diary\/Upcoming+Critical+OpenSSL+Vulnerability+What+will+be+Affected\/29192\">list of affected Linux distributions<\/a><br \/>\nDistroWatch: <a href=\"https:\/\/distrowatch.com\/search.php?pkg=openssl&amp;relation=similar&amp;pkgver=3.&amp;distrorange=InAny#pkgsearch\">list of affected Linux distributions<\/a><\/p>\n<p>Inuvika <a href=\"\/de\/unterstutzung\/\">Support Resources<\/a><\/p>\n<h2>In the News<\/h2>\n<p><a href=\"https:\/\/www.openssl.org\/news\/secadv\/20221101.txt\">OpenSSL Advisory<\/a><br \/>\n<a href=\"https:\/\/mta.openssl.org\/pipermail\/openssl-announce\/2022-October\/000238.html\">OpenSSL Mailing List<\/a><\/p>\n<p>&nbsp;<\/p>","protected":false},"excerpt":{"rendered":"<p>Inuvika Update Regarding CVE-2022-3786 and CVE-2022-3602: X.509 (OpenSSL Email Address Buffer Overflows) Overview Affected versions of the OpenSSL package are vulnerable to Buffer Overflow. 
A buffer overrun can be triggered [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[176,67,66],"tags":[70,79],"class_list":["post-15968","post","type-post","status-publish","format-standard","hentry","category-all-posts","category-ovd-enterprise","category-support","tag-announcements","tag-security"],"blocksy_meta":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Inuvika - Advisory: CVE-2022-3786 and CVE-2022-3602 OpenSSL Vulnerabilities<\/title>\n<meta name=\"description\" content=\"CVE-2022-3786 \/ CVE-2022-3602 security vulnerabilities have been identified that impact multiple versions of OpenSSL 3.0.x\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inuvika.com\/de\/cvd-2022-3602-openssl-schwachstelle\/\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Inuvika - Advisory: CVE-2022-3786 and CVE-2022-3602 OpenSSL Vulnerabilities\" \/>\n<meta property=\"og:description\" content=\"CVE-2022-3786 \/ CVE-2022-3602 security vulnerabilities have been identified that impact multiple versions of OpenSSL 3.0.x\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inuvika.com\/de\/cvd-2022-3602-openssl-schwachstelle\/\" \/>\n<meta property=\"og:site_name\" content=\"Inuvika\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/inuvika\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-02T11:38:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-01-20T14:00:45+00:00\" \/>\n<meta property=\"og:image\" 
content=\"https:\/\/www.inuvika.com\/wp-content\/uploads\/2018\/10\/inuvika-logo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"718\" \/>\n\t<meta property=\"og:image:height\" content=\"169\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Alex Perkins\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@InuvikaInc\" \/>\n<meta name=\"twitter:site\" content=\"@InuvikaInc\" \/>\n<meta name=\"twitter:label1\" content=\"Verfasst von\" \/>\n\t<meta name=\"twitter:data1\" content=\"\" \/>\n\t<meta name=\"twitter:label2\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data2\" content=\"2\u00a0Minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/\"},\"author\":{\"name\":\"Alex Perkins\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#\\\/schema\\\/person\\\/234ef022f9d350b26d773e0434c339ef\"},\"headline\":\"Advisory: CVE-2022-3786 and CVE-2022-3602: X.509 OpenSSL Email Address Buffer Overflows\",\"datePublished\":\"2022-11-02T11:38:28+00:00\",\"dateModified\":\"2023-01-20T14:00:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/\"},\"wordCount\":373,\"publisher\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#organization\"},\"keywords\":[\"Announcements\",\"Security\"],\"articleSection\":[\"All Posts\",\"OVD Enterprise\",\"Support\"],\"inLanguage\":\"de\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/\",\"url\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/\",\"name\":\"Inuvika - Advisory: 
CVE-2022-3786 and CVE-2022-3602 OpenSSL Vulnerabilities\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#website\"},\"datePublished\":\"2022-11-02T11:38:28+00:00\",\"dateModified\":\"2023-01-20T14:00:45+00:00\",\"description\":\"CVE-2022-3786 \\\/ CVE-2022-3602 security vulnerabilities have been identified that impact multiple versions of OpenSSL 3.0.x\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.inuvika.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Advisory: CVE-2022-3786 and CVE-2022-3602: X.509 OpenSSL Email Address Buffer Overflows\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#website\",\"url\":\"https:\\\/\\\/www.inuvika.com\\\/\",\"name\":\"inuvika.com\",\"description\":\"Apps + Desktops to any device!\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.inuvika.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#organization\",\"name\":\"Inuvika 
Inc\",\"url\":\"https:\\\/\\\/www.inuvika.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.inuvika.com\\\/wp-content\\\/uploads\\\/2018\\\/10\\\/inuvika-logo.png\",\"contentUrl\":\"https:\\\/\\\/www.inuvika.com\\\/wp-content\\\/uploads\\\/2018\\\/10\\\/inuvika-logo.png\",\"width\":718,\"height\":169,\"caption\":\"Inuvika Inc\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/inuvika\\\/\",\"https:\\\/\\\/x.com\\\/InuvikaInc\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/inuvika-inc-\\\/\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UC4nWPydrDItH1KMWqfQw8aA\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#\\\/schema\\\/person\\\/234ef022f9d350b26d773e0434c339ef\",\"name\":\"Alex Perkins\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/843e5a6422b327b27f867c0d1b416b7fc083d4f028d5d861a69cc5a92185d7e6?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/843e5a6422b327b27f867c0d1b416b7fc083d4f028d5d861a69cc5a92185d7e6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/843e5a6422b327b27f867c0d1b416b7fc083d4f028d5d861a69cc5a92185d7e6?s=96&d=mm&r=g\",\"caption\":\"Alex Perkins\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Inuvika - Hinweis: CVE-2022-3786 und CVE-2022-3602 OpenSSL-Schwachstellen","description":"CVE-2022-3786 \/ CVE-2022-3602 Sicherheitsl\u00fccken wurden identifiziert, die mehrere Versionen von OpenSSL 3.0.x betreffen","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inuvika.com\/de\/cvd-2022-3602-openssl-schwachstelle\/","og_locale":"de_DE","og_type":"article","og_title":"Inuvika - Advisory: CVE-2022-3786 and CVE-2022-3602 OpenSSL Vulnerabilities","og_description":"CVE-2022-3786 \/ CVE-2022-3602 security vulnerabilities have been identified that impact multiple versions of OpenSSL 3.0.x","og_url":"https:\/\/www.inuvika.com\/de\/cvd-2022-3602-openssl-schwachstelle\/","og_site_name":"Inuvika","article_publisher":"https:\/\/www.facebook.com\/inuvika\/","article_published_time":"2022-11-02T11:38:28+00:00","article_modified_time":"2023-01-20T14:00:45+00:00","og_image":[{"width":718,"height":169,"url":"https:\/\/www.inuvika.com\/wp-content\/uploads\/2018\/10\/inuvika-logo.jpg","type":"image\/jpeg"}],"author":"Alex Perkins","twitter_card":"summary_large_image","twitter_creator":"@InuvikaInc","twitter_site":"@InuvikaInc","twitter_misc":{"Verfasst von":false,"Gesch\u00e4tzte Lesezeit":"2\u00a0Minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/#article","isPartOf":{"@id":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/"},"author":{"name":"Alex Perkins","@id":"https:\/\/www.inuvika.com\/#\/schema\/person\/234ef022f9d350b26d773e0434c339ef"},"headline":"Advisory: CVE-2022-3786 and CVE-2022-3602: X.509 OpenSSL Email Address Buffer 
Overflows","datePublished":"2022-11-02T11:38:28+00:00","dateModified":"2023-01-20T14:00:45+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/"},"wordCount":373,"publisher":{"@id":"https:\/\/www.inuvika.com\/#organization"},"keywords":["Announcements","Security"],"articleSection":["All Posts","OVD Enterprise","Support"],"inLanguage":"de"},{"@type":"WebPage","@id":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/","url":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/","name":"Inuvika - Hinweis: CVE-2022-3786 und CVE-2022-3602 OpenSSL-Schwachstellen","isPartOf":{"@id":"https:\/\/www.inuvika.com\/#website"},"datePublished":"2022-11-02T11:38:28+00:00","dateModified":"2023-01-20T14:00:45+00:00","description":"CVE-2022-3786 \/ CVE-2022-3602 Sicherheitsl\u00fccken wurden identifiziert, die mehrere Versionen von OpenSSL 3.0.x betreffen","breadcrumb":{"@id":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inuvika.com\/"},{"@type":"ListItem","position":2,"name":"Advisory: CVE-2022-3786 and CVE-2022-3602: X.509 OpenSSL Email Address Buffer Overflows"}]},{"@type":"WebSite","@id":"https:\/\/www.inuvika.com\/#website","url":"https:\/\/www.inuvika.com\/","name":"inuvika.de","description":"Apps + Desktops auf jedem 
Ger\u00e4t!","publisher":{"@id":"https:\/\/www.inuvika.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inuvika.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"},{"@type":"Organization","@id":"https:\/\/www.inuvika.com\/#organization","name":"Inuvika Inc","url":"https:\/\/www.inuvika.com\/","logo":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/www.inuvika.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.inuvika.com\/wp-content\/uploads\/2018\/10\/inuvika-logo.png","contentUrl":"https:\/\/www.inuvika.com\/wp-content\/uploads\/2018\/10\/inuvika-logo.png","width":718,"height":169,"caption":"Inuvika Inc"},"image":{"@id":"https:\/\/www.inuvika.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/inuvika\/","https:\/\/x.com\/InuvikaInc","https:\/\/www.linkedin.com\/company\/inuvika-inc-\/","https:\/\/www.youtube.com\/channel\/UC4nWPydrDItH1KMWqfQw8aA"]},{"@type":"Person","@id":"https:\/\/www.inuvika.com\/#\/schema\/person\/234ef022f9d350b26d773e0434c339ef","name":"Alex Perkins","image":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/secure.gravatar.com\/avatar\/843e5a6422b327b27f867c0d1b416b7fc083d4f028d5d861a69cc5a92185d7e6?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/843e5a6422b327b27f867c0d1b416b7fc083d4f028d5d861a69cc5a92185d7e6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/843e5a6422b327b27f867c0d1b416b7fc083d4f028d5d861a69cc5a92185d7e6?s=96&d=mm&r=g","caption":"Alex 
Perkins"}}]}},"brizy_media":[],"_links":{"self":[{"href":"https:\/\/www.inuvika.com\/de\/wp-json\/wp\/v2\/posts\/15968","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inuvika.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inuvika.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inuvika.com\/de\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inuvika.com\/de\/wp-json\/wp\/v2\/comments?post=15968"}],"version-history":[{"count":0,"href":"https:\/\/www.inuvika.com\/de\/wp-json\/wp\/v2\/posts\/15968\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.inuvika.com\/de\/wp-json\/wp\/v2\/media?parent=15968"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inuvika.com\/de\/wp-json\/wp\/v2\/categories?post=15968"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inuvika.com\/de\/wp-json\/wp\/v2\/tags?post=15968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}