CVE-2022-46393

CVE-2022-46393 · Published · CVSS 7.5 (High)

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The dereference crashes the application, which could be used for a denial of service. The TLS implementation in OpenSSL does not call these functions; however, third-party applications might call them on untrusted data, so the exposure depends on whether attacker-supplied PKCS7 blobs reach one of these decoders.
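
As an added example, not OpenSSL's code and not part of this advisory, the following Python shows the two checks an application that feeds untrusted PKCS#7 to d2i_PKCS7() and its siblings can make: whether the OpenSSL linked into the process is the affected 3.0.0 release (read from the standard-library ssl module's OPENSSL_VERSION_INFO), and whether a blob's outer ContentInfo framing is consistent DER carrying the contentType the caller expects, with the OPTIONAL content actually present, before the bytes are handed to the library. The function names (inspect_content_info, check_before_d2i, linked_openssl_is_affected, read_tlv, decode_oid) and the DER test vectors are constructed for this example; the malformed blobs are generic framing errors, not the trigger for this CVE, which the page does not describe.

```python
"""Fail-closed handling of untrusted PKCS#7 ContentInfo before d2i_PKCS7().
Added example, not OpenSSL code. The blobs below are constructed here and are
not the trigger for CVE-2022-46393, which the page does not describe."""
import ssl

# contentType OIDs from PKCS#7 (RFC 2315), arc 1.2.840.113549.1.7.x.
PKCS7_CONTENT_TYPES = {
    "1.2.840.113549.1.7.1": "data",
    "1.2.840.113549.1.7.2": "signedData",
    "1.2.840.113549.1.7.3": "envelopedData",
    "1.2.840.113549.1.7.4": "signedAndEnvelopedData",
    "1.2.840.113549.1.7.5": "digestedData",
    "1.2.840.113549.1.7.6": "encryptedData",
}
AFFECTED_OPENSSL = (3, 0, 0)  # the only release this page lists as affected

class MalformedPKCS7(ValueError):
    """Outer ContentInfo framing is not consistent DER."""

def linked_openssl_is_affected(version_info=None):
    """True if the OpenSSL this interpreter links (or the given tuple) is 3.0.0."""
    info = ssl.OPENSSL_VERSION_INFO if version_info is None else version_info
    return tuple(info[:3]) == AFFECTED_OPENSSL

def read_tlv(buf, pos):
    """Decode one DER TLV (single-octet tag) at buf[pos] -> (tag, value, end)."""
    if pos + 2 > len(buf):
        raise MalformedPKCS7("truncated TLV header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:
        length = first
    else:  # long form: reject indefinite (0x80), oversized and non-minimal lengths
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise MalformedPKCS7("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise MalformedPKCS7("non-minimal DER length")
        pos += n
    if pos + length > len(buf):
        raise MalformedPKCS7("length runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """OBJECT IDENTIFIER content octets -> dotted string."""
    if not value or value[-1] & 0x80:
        raise MalformedPKCS7("bad OID encoding")
    subids, sub = [], 0
    for b in value:
        sub = (sub << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(sub)
            sub = 0
    first = subids[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    return ".".join(map(str, arcs + subids[1:]))

def inspect_content_info(blob):
    """ContentInfo ::= SEQUENCE { contentType OID, content [0] EXPLICIT OPTIONAL }.
    Returns (content_type, content bytes or None when content is absent)."""
    tag, body, end = read_tlv(blob, 0)
    if tag != 0x30 or end != len(blob):
        raise MalformedPKCS7("not exactly one SEQUENCE")
    tag, oid_bytes, pos = read_tlv(body, 0)
    if tag != 0x06:
        raise MalformedPKCS7("contentType is not an OID")
    content_type = PKCS7_CONTENT_TYPES.get(decode_oid(oid_bytes))
    if content_type is None:
        raise MalformedPKCS7("unknown contentType")
    if pos == len(body):
        return content_type, None
    tag, content, pos = read_tlv(body, pos)
    if tag != 0xA0 or pos != len(body):
        raise MalformedPKCS7("content is not a single [0] EXPLICIT element")
    return content_type, content

def check_before_d2i(blob, expected_type):
    """Gate for untrusted input: pass only a well-framed blob of the expected
    contentType whose content is present; anything else should never reach d2i_PKCS7()."""
    try:
        content_type, content = inspect_content_info(blob)
    except MalformedPKCS7:
        return False
    return content_type == expected_type and content is not None

def der(tag, body):
    """Short-form DER TLV, enough to build the constructed test vectors."""
    return bytes([tag, len(body)]) + body

OID_SIGNED_DATA = der(0x06, bytes.fromhex("2a864886f70d010702"))
OID_DATA = der(0x06, bytes.fromhex("2a864886f70d010701"))
# Minimal signedData: version 1, no digest algorithms, empty data, no signers.
GOOD_SIGNED_DATA = der(0x30, OID_SIGNED_DATA + der(0xA0, der(0x30, der(
    0x02, b"\x01") + der(0x31, b"") + der(0x30, OID_DATA) + der(0x31, b""))))
NO_CONTENT = der(0x30, OID_SIGNED_DATA)                  # contentType only
TRUNCATED = GOOD_SIGNED_DATA[:-5]                         # outer length overruns
NON_MINIMAL_LENGTH = b"\x30\x81" + GOOD_SIGNED_DATA[1:]   # 0x81 0x23 for len 35
```

check_before_d2i() returns True only for GOOD_SIGNED_DATA when "signedData" is expected; the blob with no content, the truncated blob and the non-minimal length encoding are all rejected before any library call. Running linked_openssl_is_affected() with no argument reports on the OpenSSL the interpreter itself is built against, which is a quick way to find hosts still on 3.0.0.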

EPSS 0.93% · 76.4th percentile

Risk Scores

CVSS v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS: 0.93% (76.4th percentile)

Affected Products

Vendor    Product   Versions
OpenSSL   OpenSSL   3.0.0

Timeline

  • Jun 28, 2021 PoC Published
  • Dec 11, 2021 PoC Published
  • Dec 13, 2021 PoC Published
  • Dec 18, 2021 PoC Published
  • Apr 7, 2022 PoC Published
  • Jun 7, 2022 PoC Published
  • Sep 16, 2022 PoC Published
  • Dec 15, 2022 CVE Published
  • Dec 16, 2022 EPSS Score
  • Jan 27, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 9, 2023 EPSS Score