{"id":15968,"date":"2022-11-02T07:38:28","date_gmt":"2022-11-02T11:38:28","guid":{"rendered":"https:\/\/newsite.inuvika.com\/?p=15968"},"modified":"2023-01-20T10:00:45","modified_gmt":"2023-01-20T14:00:45","slug":"cvd-2022-3602-vulnerabilidad-de-openssl","status":"publish","type":"post","link":"https:\/\/www.inuvika.com\/es\/cvd-2022-3602-openssl-vulnerability\/","title":{"rendered":"Aviso: CVE-2022-3786 y CVE-2022-3602: Desbordamientos del b\u00fafer de direcciones de correo electr\u00f3nico X.509 OpenSSL"},"content":{"rendered":"

Actualizaci\u00f3n de Inuvika relativa a CVE-2022-3786 y CVE-2022-3602: X.509 (desbordamientos del b\u00fafer de direcciones de correo electr\u00f3nico de OpenSSL)<\/p>\n

Visi\u00f3n general<\/h2>\n

Las versiones afectadas del paquete OpenSSL son vulnerables al desbordamiento del b\u00fafer. Puede producirse un desbordamiento de b\u00fafer en la verificaci\u00f3n de certificados X.509, concretamente en la comprobaci\u00f3n de restricciones de nombres. Tenga en cuenta que esto ocurre despu\u00e9s de la verificaci\u00f3n de la firma de la cadena del certificado y requiere que una CA haya firmado el certificado malicioso o que la aplicaci\u00f3n contin\u00fae con la verificaci\u00f3n del certificado a pesar de no poder construir una ruta a un emisor de confianza. Un atacante puede crear una direcci\u00f3n de correo electr\u00f3nico maliciosa para desbordar cuatro bytes controlados por el atacante en la pila. Este desbordamiento del b\u00fafer podr\u00eda provocar un bloqueo (causando una denegaci\u00f3n de servicio) o potencialmente la ejecuci\u00f3n remota de c\u00f3digo.<\/p>\n

En un cliente TLS, esto puede desencadenarse al conectarse a un servidor malicioso.<\/em><\/p>\n

En un servidor TLS, esto puede activarse si el servidor solicita la autenticaci\u00f3n del cliente y se conecta un cliente malicioso.<\/em><\/p>\n

Nota: Los anuncios previos de CVE-2022-3602 describ\u00edan este problema como CR\u00cdTICO. An\u00e1lisis posteriores basados en algunos de los factores atenuantes descritos anteriormente han hecho que se rebaje a ALTO. Se recomienda a los usuarios que actualicen a una nueva versi\u00f3n lo antes posible.<\/p>\n

Impacto en la empresa OVD<\/h2>\n

Los problemas identificados no afectan directamente a los componentes del servicio OVD Enterprise. Sin embargo, se recomienda a los clientes que comprueben la versi\u00f3n de OpenSSL instalada en sus servidores linux utilizando el siguiente comando (con salida de ejemplo):<\/p>\n

% versi\u00f3n de openssl<\/strong>
\nOpenSSL 3.0.5 5 Jul 2022 (Biblioteca: OpenSSL 3.0.5 5 Jul 2022)<\/strong><\/p>\n

Esta vulnerabilidad s\u00f3lo afectar\u00e1 a OpenSSL 3.0.x no 1.1.1<\/p>\n

Inuvika sigue revisando la situaci\u00f3n y asesorar\u00e1 a nuestros clientes sobre cualquier impacto directo en los productos o servicios de Inuvika.<\/p>\n

Recomendaci\u00f3n actual para clientes de OVD Enterprise<\/h2>\n

Inuvika recomienda que los clientes sigan las mejores pr\u00e1cticas de TI y realicen las actualizaciones de mantenimiento recomendadas por el proveedor a medida que se publiquen.<\/p>\n

Se recomienda a los clientes que utilicen una versi\u00f3n OpenSSL 3.0.x afectada que actualicen a OpenSSL 3.0.7 lo antes posible.<\/p>\n

Despu\u00e9s de aplicar un parche, compruebe que el componente funciona como se espera.<\/p>\n

Recursos<\/h2>\n

OpenSSL ha lanzado la versi\u00f3n 3.0.7 a partir del 1 de noviembre de 2022: https:\/\/www.openssl.org\/blog\/blog\/2022\/11\/01\/email-address-overflows\/<\/a><\/p>\n

SANS Internet Storm Center: a Lista de distribuciones Linux afectadas<\/a>
\nDistroWatch: a Lista de distribuciones Linux afectadas<\/a><\/p>\n

Inuvika Recursos de apoyo<\/a><\/p>\n

En las noticias<\/h2>\n

Aviso sobre OpenSSL<\/a>
\nLista de correo de OpenSSL<\/a><\/p>\n

 <\/p>","protected":false},"excerpt":{"rendered":"

Inuvika Update Regarding CVE-2022-3786 and CVE-2022-3602: X.509 (OpenSSL Email Address Buffer Overflows) Overview Affected versions of the OpenSSL package are vulnerable to Buffer Overflow. A buffer overrun can be triggered […]<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[176,67,66],"tags":[70,79],"class_list":["post-15968","post","type-post","status-publish","format-standard","hentry","category-all-posts","category-ovd-enterprise","category-support","tag-announcements","tag-security"],"blocksy_meta":[],"yoast_head":"\nInuvika - Advisory: CVE-2022-3786 and CVE-2022-3602 OpenSSL Vulnerabilities<\/title>\n<meta name=\"description\" content=\"CVE-2022-3786 \/ CVE-2022-3602 security vulnerabilities have been identified that impact multiple versions of OpenSSL 3.0.x\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inuvika.com\/es\/cvd-2022-3602-vulnerabilidad-de-openssl\/\" \/>\n<meta property=\"og:locale\" content=\"es_ES\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Inuvika - Advisory: CVE-2022-3786 and CVE-2022-3602 OpenSSL Vulnerabilities\" \/>\n<meta property=\"og:description\" content=\"CVE-2022-3786 \/ CVE-2022-3602 security vulnerabilities have been identified that impact multiple versions of OpenSSL 3.0.x\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inuvika.com\/es\/cvd-2022-3602-vulnerabilidad-de-openssl\/\" \/>\n<meta property=\"og:site_name\" content=\"Inuvika\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/inuvika\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-02T11:38:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-01-20T14:00:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inuvika.com\/wp-content\/uploads\/2018\/10\/inuvika-logo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"718\" \/>\n\t<meta property=\"og:image:height\" content=\"169\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Alex Perkins\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@InuvikaInc\" \/>\n<meta name=\"twitter:site\" content=\"@InuvikaInc\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tiempo de lectura\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/\"},\"author\":{\"name\":\"Alex Perkins\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#\\\/schema\\\/person\\\/234ef022f9d350b26d773e0434c339ef\"},\"headline\":\"Advisory: CVE-2022-3786 and CVE-2022-3602: X.509 OpenSSL Email Address Buffer Overflows\",\"datePublished\":\"2022-11-02T11:38:28+00:00\",\"dateModified\":\"2023-01-20T14:00:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/\"},\"wordCount\":373,\"publisher\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#organization\"},\"keywords\":[\"Announcements\",\"Security\"],\"articleSection\":[\"All Posts\",\"OVD Enterprise\",\"Support\"],\"inLanguage\":\"es\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/\",\"url\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/\",\"name\":\"Inuvika - Advisory: CVE-2022-3786 and CVE-2022-3602 OpenSSL Vulnerabilities\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#website\"},\"datePublished\":\"2022-11-02T11:38:28+00:00\",\"dateModified\":\"2023-01-20T14:00:45+00:00\",\"description\":\"CVE-2022-3786 \\\/ CVE-2022-3602 security vulnerabilities have been identified that impact multiple versions of OpenSSL 3.0.x\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/#breadcrumb\"},\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.inuvika.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Advisory: CVE-2022-3786 and CVE-2022-3602: X.509 OpenSSL Email Address Buffer Overflows\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#website\",\"url\":\"https:\\\/\\\/www.inuvika.com\\\/\",\"name\":\"inuvika.com\",\"description\":\"Apps + Desktops to any device!\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.inuvika.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"es\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#organization\",\"name\":\"Inuvika Inc\",\"url\":\"https:\\\/\\\/www.inuvika.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.inuvika.com\\\/wp-content\\\/uploads\\\/2018\\\/10\\\/inuvika-logo.png\",\"contentUrl\":\"https:\\\/\\\/www.inuvika.com\\\/wp-content\\\/uploads\\\/2018\\\/10\\\/inuvika-logo.png\",\"width\":718,\"height\":169,\"caption\":\"Inuvika Inc\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/inuvika\\\/\",\"https:\\\/\\\/x.com\\\/InuvikaInc\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/inuvika-inc-\\\/\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UC4nWPydrDItH1KMWqfQw8aA\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#\\\/schema\\\/person\\\/234ef022f9d350b26d773e0434c339ef\",\"name\":\"Alex Perkins\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/843e5a6422b327b27f867c0d1b416b7fc083d4f028d5d861a69cc5a92185d7e6?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/843e5a6422b327b27f867c0d1b416b7fc083d4f028d5d861a69cc5a92185d7e6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/843e5a6422b327b27f867c0d1b416b7fc083d4f028d5d861a69cc5a92185d7e6?s=96&d=mm&r=g\",\"caption\":\"Alex Perkins\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Inuvika - Aviso: Vulnerabilidades de OpenSSL CVE-2022-3786 y CVE-2022-3602","description":"Se han detectado vulnerabilidades de seguridad CVE-2022-3786 \/ CVE-2022-3602 que afectan a varias versiones de OpenSSL 3.0.x","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inuvika.com\/es\/cvd-2022-3602-vulnerabilidad-de-openssl\/","og_locale":"es_ES","og_type":"article","og_title":"Inuvika - Advisory: CVE-2022-3786 and CVE-2022-3602 OpenSSL Vulnerabilities","og_description":"CVE-2022-3786 \/ CVE-2022-3602 security vulnerabilities have been identified that impact multiple versions of OpenSSL 3.0.x","og_url":"https:\/\/www.inuvika.com\/es\/cvd-2022-3602-vulnerabilidad-de-openssl\/","og_site_name":"Inuvika","article_publisher":"https:\/\/www.facebook.com\/inuvika\/","article_published_time":"2022-11-02T11:38:28+00:00","article_modified_time":"2023-01-20T14:00:45+00:00","og_image":[{"width":718,"height":169,"url":"https:\/\/www.inuvika.com\/wp-content\/uploads\/2018\/10\/inuvika-logo.jpg","type":"image\/jpeg"}],"author":"Alex Perkins","twitter_card":"summary_large_image","twitter_creator":"@InuvikaInc","twitter_site":"@InuvikaInc","twitter_misc":{"Escrito por":false,"Tiempo de lectura":"2 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/#article","isPartOf":{"@id":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/"},"author":{"name":"Alex Perkins","@id":"https:\/\/www.inuvika.com\/#\/schema\/person\/234ef022f9d350b26d773e0434c339ef"},"headline":"Advisory: CVE-2022-3786 and CVE-2022-3602: X.509 OpenSSL Email Address Buffer Overflows","datePublished":"2022-11-02T11:38:28+00:00","dateModified":"2023-01-20T14:00:45+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/"},"wordCount":373,"publisher":{"@id":"https:\/\/www.inuvika.com\/#organization"},"keywords":["Announcements","Security"],"articleSection":["All Posts","OVD Enterprise","Support"],"inLanguage":"es"},{"@type":"WebPage","@id":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/","url":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/","name":"Inuvika - Aviso: Vulnerabilidades de OpenSSL CVE-2022-3786 y CVE-2022-3602","isPartOf":{"@id":"https:\/\/www.inuvika.com\/#website"},"datePublished":"2022-11-02T11:38:28+00:00","dateModified":"2023-01-20T14:00:45+00:00","description":"Se han detectado vulnerabilidades de seguridad CVE-2022-3786 \/ CVE-2022-3602 que afectan a varias versiones de OpenSSL 3.0.x","breadcrumb":{"@id":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/#breadcrumb"},"inLanguage":"es","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inuvika.com\/"},{"@type":"ListItem","position":2,"name":"Advisory: CVE-2022-3786 and CVE-2022-3602: X.509 OpenSSL Email Address Buffer Overflows"}]},{"@type":"WebSite","@id":"https:\/\/www.inuvika.com\/#website","url":"https:\/\/www.inuvika.com\/","name":"inuvika.com","description":"Aplicaciones y escritorios en cualquier dispositivo","publisher":{"@id":"https:\/\/www.inuvika.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inuvika.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"es"},{"@type":"Organization","@id":"https:\/\/www.inuvika.com\/#organization","name":"Inuvika Inc","url":"https:\/\/www.inuvika.com\/","logo":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/www.inuvika.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.inuvika.com\/wp-content\/uploads\/2018\/10\/inuvika-logo.png","contentUrl":"https:\/\/www.inuvika.com\/wp-content\/uploads\/2018\/10\/inuvika-logo.png","width":718,"height":169,"caption":"Inuvika Inc"},"image":{"@id":"https:\/\/www.inuvika.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/inuvika\/","https:\/\/x.com\/InuvikaInc","https:\/\/www.linkedin.com\/company\/inuvika-inc-\/","https:\/\/www.youtube.com\/channel\/UC4nWPydrDItH1KMWqfQw8aA"]},{"@type":"Person","@id":"https:\/\/www.inuvika.com\/#\/schema\/person\/234ef022f9d350b26d773e0434c339ef","name":"Alex Perkins","image":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/secure.gravatar.com\/avatar\/843e5a6422b327b27f867c0d1b416b7fc083d4f028d5d861a69cc5a92185d7e6?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/843e5a6422b327b27f867c0d1b416b7fc083d4f028d5d861a69cc5a92185d7e6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/843e5a6422b327b27f867c0d1b416b7fc083d4f028d5d861a69cc5a92185d7e6?s=96&d=mm&r=g","caption":"Alex Perkins"}}]}},"brizy_media":[],"_links":{"self":[{"href":"https:\/\/www.inuvika.com\/es\/wp-json\/wp\/v2\/posts\/15968","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inuvika.com\/es\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inuvika.com\/es\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inuvika.com\/es\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inuvika.com\/es\/wp-json\/wp\/v2\/comments?post=15968"}],"version-history":[{"count":0,"href":"https:\/\/www.inuvika.com\/es\/wp-json\/wp\/v2\/posts\/15968\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.inuvika.com\/es\/wp-json\/wp\/v2\/media?parent=15968"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inuvika.com\/es\/wp-json\/wp\/v2\/categories?post=15968"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inuvika.com\/es\/wp-json\/wp\/v2\/tags?post=15968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}