CVE-2022-48437

CVSS V2 None CVSS V3 None
Description
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate.
Overview
  • CVE ID
  • CVE-2022-48437
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-04-12T05:15:07
  • Last Modified Date
  • 2023-04-21T14:17:04
Weakness Enumerations
CWE URL
CWE-295 http://cwe.mitre.org/data/definitions/295.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:* 1 OR 3.6.1
cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:* 1 OR 7.2
References
Reference URL Reference Tags
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.1-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/001_x509.patch.sig
https://github.com/openbsd/src/commit/4f94258c65a918ee3d8670e93916d15bf879e6ec
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-48437
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48437
History
Created Old Value New Value Data Type Notes
2023-04-17 04:36:05 Added to TrackCVE
2023-04-18 16:00:42 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-04-21 15:00:51 2023-04-21T14:17:04 CVE Modified Date updated
2023-04-21 15:00:51 Undergoing Analysis Analyzed Vulnerability Status updated
2023-04-21 15:00:52 Weakness Enumeration new
2023-04-21 15:00:53 CPE Information updated