{"id":15968,"date":"2022-11-02T07:38:28","date_gmt":"2022-11-02T11:38:28","guid":{"rendered":"https:\/\/newsite.inuvika.com\/?p=15968"},"modified":"2023-01-20T10:00:45","modified_gmt":"2023-01-20T14:00:45","slug":"cvd-2022-3602-vulnerabilidade-do-openssl","status":"publish","type":"post","link":"https:\/\/www.inuvika.com\/pt\/cvd-2022-3602-openssl-vulnerability\/","title":{"rendered":"Advisory: CVE-2022-3786 and CVE-2022-3602: X.509 OpenSSL Email Address Buffer Overflows"},"content":{"rendered":"<p>Inuvika Update Regarding CVE-2022-3786 and CVE-2022-3602: X.509 (OpenSSL Email Address Buffer Overflows)<\/p>\n<h2>Overview<\/h2>\n<p>Affected versions of the OpenSSL package are vulnerable to buffer overflow. A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either that a CA has signed the malicious certificate or that the application continues certificate verification despite failing to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially in remote code execution.<\/p>\n<p><em>In a TLS client, this can be triggered by connecting to a malicious server.<\/em><\/p>\n<p><em>In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.<\/em><\/p>\n<p>Note: pre-announcements of CVE-2022-3602 described this issue as CRITICAL. 
Further analysis, based on some of the mitigating factors described above, led to this issue being downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible.<\/p>\n<h2>Impact on OVD Enterprise<\/h2>\n<p>The identified issues do not directly affect the OVD Enterprise service components. However, customers are advised to check the version of OpenSSL installed on their Linux servers using the following command (shown with example output):<\/p>\n<p><strong>% openssl version<\/strong><br \/>\n<strong>OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)<\/strong><\/p>\n<p>This vulnerability affects only OpenSSL 3.0.x, not 1.1.1.<\/p>\n<p>Inuvika continues to review the situation and will advise customers of any direct impact on Inuvika products or services.<\/p>\n<h2>Current Recommendation for OVD Enterprise Customers<\/h2>\n<p>Inuvika recommends that customers follow IT best practices and apply vendor-recommended maintenance updates as soon as they are released.<\/p>\n<p>Customers using an affected version of OpenSSL 3.0.x are advised to upgrade to OpenSSL 3.0.7 as soon as possible.<\/p>\n<p>After a patch has been applied, verify that the component is working as expected.<\/p>\n<h2>Resources<\/h2>\n<p>OpenSSL released version 3.0.7 on November 1, 2022: <a href=\"https:\/\/www.openssl.org\/blog\/blog\/2022\/11\/01\/email-address-overflows\/\">https:\/\/www.openssl.org\/blog\/blog\/2022\/11\/01\/email-address-overflows\/<\/a><\/p>\n<p>SANS Internet Storm Center: <a href=\"https:\/\/isc.sans.edu\/forums\/diary\/Upcoming+Critical+OpenSSL+Vulnerability+What+will+be+Affected\/29192\">list of affected 
Linux distributions<\/a><br \/>\nDistroWatch: <a href=\"https:\/\/distrowatch.com\/search.php?pkg=openssl&amp;relation=similar&amp;pkgver=3.&amp;distrorange=InAny#pkgsearch\">list of affected Linux distributions<\/a><\/p>\n<p>Inuvika <a href=\"\/pt\/suporte\/\">Support Resources<\/a><\/p>\n<h2>In the News<\/h2>\n<p><a href=\"https:\/\/www.openssl.org\/news\/secadv\/20221101.txt\">OpenSSL advisory<\/a><br \/>\n<a href=\"https:\/\/mta.openssl.org\/pipermail\/openssl-announce\/2022-October\/000238.html\">OpenSSL mailing list<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Inuvika Update Regarding CVE-2022-3786 and CVE-2022-3602: X.509 (OpenSSL Email Address Buffer Overflows) Overview Affected versions of the OpenSSL package are vulnerable to Buffer Overflow. A buffer overrun can be triggered [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[176,67,66],"tags":[70,79],"class_list":["post-15968","post","type-post","status-publish","format-standard","hentry","category-all-posts","category-ovd-enterprise","category-support","tag-announcements","tag-security"],"blocksy_meta":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Inuvika - Advisory: CVE-2022-3786 and CVE-2022-3602 OpenSSL Vulnerabilities<\/title>\n<meta name=\"description\" content=\"CVE-2022-3786 \/ CVE-2022-3602 security vulnerabilities have been identified that impact multiple versions of OpenSSL 3.0.x\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inuvika.com\/pt\/cvd-2022-3602-vulnerabilidade-do-openssl\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" 
content=\"article\" \/>\n<meta property=\"og:title\" content=\"Inuvika - Advisory: CVE-2022-3786 and CVE-2022-3602 OpenSSL Vulnerabilities\" \/>\n<meta property=\"og:description\" content=\"CVE-2022-3786 \/ CVE-2022-3602 security vulnerabilities have been identified that impact multiple versions of OpenSSL 3.0.x\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inuvika.com\/pt\/cvd-2022-3602-vulnerabilidade-do-openssl\/\" \/>\n<meta property=\"og:site_name\" content=\"Inuvika\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/inuvika\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-02T11:38:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-01-20T14:00:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inuvika.com\/wp-content\/uploads\/2018\/10\/inuvika-logo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"718\" \/>\n\t<meta property=\"og:image:height\" content=\"169\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Alex Perkins\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@InuvikaInc\" \/>\n<meta name=\"twitter:site\" content=\"@InuvikaInc\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/\"},\"author\":{\"name\":\"Alex Perkins\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#\\\/schema\\\/person\\\/234ef022f9d350b26d773e0434c339ef\"},\"headline\":\"Advisory: CVE-2022-3786 and CVE-2022-3602: X.509 OpenSSL Email Address Buffer Overflows\",\"datePublished\":\"2022-11-02T11:38:28+00:00\",\"dateModified\":\"2023-01-20T14:00:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/\"},\"wordCount\":373,\"publisher\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#organization\"},\"keywords\":[\"Announcements\",\"Security\"],\"articleSection\":[\"All Posts\",\"OVD Enterprise\",\"Support\"],\"inLanguage\":\"pt-BR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/\",\"url\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/\",\"name\":\"Inuvika - Advisory: CVE-2022-3786 and CVE-2022-3602 OpenSSL Vulnerabilities\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#website\"},\"datePublished\":\"2022-11-02T11:38:28+00:00\",\"dateModified\":\"2023-01-20T14:00:45+00:00\",\"description\":\"CVE-2022-3786 \\\/ CVE-2022-3602 security vulnerabilities have been identified that impact multiple versions of OpenSSL 
3.0.x\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/cvd-2022-3602-openssl-vulnerability\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.inuvika.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Advisory: CVE-2022-3786 and CVE-2022-3602: X.509 OpenSSL Email Address Buffer Overflows\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#website\",\"url\":\"https:\\\/\\\/www.inuvika.com\\\/\",\"name\":\"inuvika.com\",\"description\":\"Apps + Desktops to any device!\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.inuvika.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#organization\",\"name\":\"Inuvika Inc\",\"url\":\"https:\\\/\\\/www.inuvika.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.inuvika.com\\\/wp-content\\\/uploads\\\/2018\\\/10\\\/inuvika-logo.png\",\"contentUrl\":\"https:\\\/\\\/www.inuvika.com\\\/wp-content\\\/uploads\\\/2018\\\/10\\\/inuvika-logo.png\",\"width\":718,\"height\":169,\"caption\":\"Inuvika 
Inc\"},\"image\":{\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/inuvika\\\/\",\"https:\\\/\\\/x.com\\\/InuvikaInc\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/inuvika-inc-\\\/\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UC4nWPydrDItH1KMWqfQw8aA\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.inuvika.com\\\/#\\\/schema\\\/person\\\/234ef022f9d350b26d773e0434c339ef\",\"name\":\"Alex Perkins\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/843e5a6422b327b27f867c0d1b416b7fc083d4f028d5d861a69cc5a92185d7e6?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/843e5a6422b327b27f867c0d1b416b7fc083d4f028d5d861a69cc5a92185d7e6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/843e5a6422b327b27f867c0d1b416b7fc083d4f028d5d861a69cc5a92185d7e6?s=96&d=mm&r=g\",\"caption\":\"Alex Perkins\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Inuvika - Aviso: Vulnerabilidades do OpenSSL CVE-2022-3786 e CVE-2022-3602","description":"Foram identificadas vulnerabilidades de seguran\u00e7a CVE-2022-3786 \/ CVE-2022-3602 que afetam v\u00e1rias vers\u00f5es do OpenSSL 3.0.x","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inuvika.com\/pt\/cvd-2022-3602-vulnerabilidade-do-openssl\/","og_locale":"pt_BR","og_type":"article","og_title":"Inuvika - Advisory: CVE-2022-3786 and CVE-2022-3602 OpenSSL Vulnerabilities","og_description":"CVE-2022-3786 \/ CVE-2022-3602 security vulnerabilities have been identified that impact multiple versions of OpenSSL 3.0.x","og_url":"https:\/\/www.inuvika.com\/pt\/cvd-2022-3602-vulnerabilidade-do-openssl\/","og_site_name":"Inuvika","article_publisher":"https:\/\/www.facebook.com\/inuvika\/","article_published_time":"2022-11-02T11:38:28+00:00","article_modified_time":"2023-01-20T14:00:45+00:00","og_image":[{"width":718,"height":169,"url":"https:\/\/www.inuvika.com\/wp-content\/uploads\/2018\/10\/inuvika-logo.jpg","type":"image\/jpeg"}],"author":"Alex Perkins","twitter_card":"summary_large_image","twitter_creator":"@InuvikaInc","twitter_site":"@InuvikaInc","twitter_misc":{"Escrito por":false,"Est. 
tempo de leitura":"2 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/#article","isPartOf":{"@id":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/"},"author":{"name":"Alex Perkins","@id":"https:\/\/www.inuvika.com\/#\/schema\/person\/234ef022f9d350b26d773e0434c339ef"},"headline":"Advisory: CVE-2022-3786 and CVE-2022-3602: X.509 OpenSSL Email Address Buffer Overflows","datePublished":"2022-11-02T11:38:28+00:00","dateModified":"2023-01-20T14:00:45+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/"},"wordCount":373,"publisher":{"@id":"https:\/\/www.inuvika.com\/#organization"},"keywords":["Announcements","Security"],"articleSection":["All Posts","OVD Enterprise","Support"],"inLanguage":"pt-BR"},{"@type":"WebPage","@id":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/","url":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/","name":"Inuvika - Aviso: Vulnerabilidades do OpenSSL CVE-2022-3786 e CVE-2022-3602","isPartOf":{"@id":"https:\/\/www.inuvika.com\/#website"},"datePublished":"2022-11-02T11:38:28+00:00","dateModified":"2023-01-20T14:00:45+00:00","description":"Foram identificadas vulnerabilidades de seguran\u00e7a CVE-2022-3786 \/ CVE-2022-3602 que afetam v\u00e1rias vers\u00f5es do OpenSSL 3.0.x","breadcrumb":{"@id":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.inuvika.com\/cvd-2022-3602-openssl-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inuvika.com\/"},{"@type":"ListItem","position":2,"name":"Advisory: CVE-2022-3786 and CVE-2022-3602: X.509 OpenSSL Email Address Buffer 
Overflows"}]},{"@type":"WebSite","@id":"https:\/\/www.inuvika.com\/#website","url":"https:\/\/www.inuvika.com\/","name":"inuvika.com","description":"Aplicativos + desktops em qualquer dispositivo!","publisher":{"@id":"https:\/\/www.inuvika.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inuvika.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/www.inuvika.com\/#organization","name":"Inuvika Inc","url":"https:\/\/www.inuvika.com\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.inuvika.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.inuvika.com\/wp-content\/uploads\/2018\/10\/inuvika-logo.png","contentUrl":"https:\/\/www.inuvika.com\/wp-content\/uploads\/2018\/10\/inuvika-logo.png","width":718,"height":169,"caption":"Inuvika Inc"},"image":{"@id":"https:\/\/www.inuvika.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/inuvika\/","https:\/\/x.com\/InuvikaInc","https:\/\/www.linkedin.com\/company\/inuvika-inc-\/","https:\/\/www.youtube.com\/channel\/UC4nWPydrDItH1KMWqfQw8aA"]},{"@type":"Person","@id":"https:\/\/www.inuvika.com\/#\/schema\/person\/234ef022f9d350b26d773e0434c339ef","name":"Alex Perkins","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/843e5a6422b327b27f867c0d1b416b7fc083d4f028d5d861a69cc5a92185d7e6?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/843e5a6422b327b27f867c0d1b416b7fc083d4f028d5d861a69cc5a92185d7e6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/843e5a6422b327b27f867c0d1b416b7fc083d4f028d5d861a69cc5a92185d7e6?s=96&d=mm&r=g","caption":"Alex 
Perkins"}}]}},"brizy_media":[],"_links":{"self":[{"href":"https:\/\/www.inuvika.com\/pt\/wp-json\/wp\/v2\/posts\/15968","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inuvika.com\/pt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inuvika.com\/pt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inuvika.com\/pt\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inuvika.com\/pt\/wp-json\/wp\/v2\/comments?post=15968"}],"version-history":[{"count":0,"href":"https:\/\/www.inuvika.com\/pt\/wp-json\/wp\/v2\/posts\/15968\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.inuvika.com\/pt\/wp-json\/wp\/v2\/media?parent=15968"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inuvika.com\/pt\/wp-json\/wp\/v2\/categories?post=15968"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inuvika.com\/pt\/wp-json\/wp\/v2\/tags?post=15968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}