virus logo FortiClient Vulnerability

OpenSSL CVE-2022-3996 Denial of Service Vulnerability

description-logoDescription

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the `-policy\' argument to the command line utilities or by calling either `X509_VERIFY_PARAM_add0_policy()\' or `X509_VERIFY_PARAM_set1_policies()\' functions.

affected-products-logoAffected Applications

OpenSSL

CVE References

CVE-2022-3996

Other References

https://www.openssl.org/news/vulnerabilities.html
ID 74205
Created Dec 18, 2022
Description
Updated		 Dec 18, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor OpenSSL
Patch manual
Application OpenSSL