Matrix42 Self-Service Help Center

CVE-2022-3786: OpenSSL X.509 Email Address Variable Length Buffer Overflow

Overview

CVE: CVE-2022-3786
CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS v3.x: 7.5 - High

This article informs you about the critical vulnerability in the widely used cryptography library OpenSSL and about the use of OpenSSL in Matrix42 products. OpenSSL enables secure communication over the internet, which includes generating public/private keys and using the SSL and TLS protocols. This vulnerability affects all OpenSSL versions from 3.0.0 through 3.0.6. A fix is available in the current version 3.0.7. OpenSSL 1.1.1 and 1.0.2 are not affected.
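The version ranges above can be applied as an inventory check on the banner printed by `openssl version`. The following is an added example, not part of the Matrix42 advisory or of OpenSSL's own tooling; the function name `classify_openssl_version` and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an OpenSSL version banner against the ranges in this
# advisory (3.0.0-3.0.6 affected, 3.0.7 fixed, 1.1.1 and 1.0.2 not affected).
# classify_openssl_version is a hypothetical helper, not a vendor tool.

classify_openssl_version() {
    # Other TLS libraries print similar banners; do not range-test them.
    case "$1" in
        *LibreSSL*|*BoringSSL*) echo "not-openssl"; return 0 ;;
    esac

    # Extract the first x.y.z token. A trailing letter release ("1.1.1s") or
    # pre-release tag ("-beta1") is ignored, which errs toward "affected".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9]\{1,\}\)\.\([0-9]\{1,\}\)\.\([0-9]\{1,\}\).*/\1 \2 \3/p' |
        head -n 1)
    if [ -z "$ver" ]; then
        echo "unknown"
        return 0
    fi

    # Intentional word splitting: $1=major, $2=minor, $3=patch.
    set -- $ver
    case "$1.$2" in
        3.0)
            if [ "$3" -le 6 ]; then echo "affected"; else echo "fixed"; fi ;;
        1.1)
            if [ "$3" -eq 1 ]; then echo "not-affected"; else echo "not-listed"; fi ;;
        1.0)
            if [ "$3" -eq 2 ]; then echo "not-affected"; else echo "not-listed"; fi ;;
        *)
            # Release line the advisory makes no statement about.
            echo "not-listed" ;;
    esac
}

# Constructed sample banners in the format printed by `openssl version`.
while IFS= read -r banner; do
    printf '%-14s %s\n' "$(classify_openssl_version "$banner")" "$banner"
done <<'EOF'
OpenSSL 3.0.5 5 Jul 2022
OpenSSL 3.0.7 1 Nov 2022
OpenSSL 1.1.1s  1 Nov 2022
OpenSSL 3.1.0 14 Mar 2023
LibreSSL 3.6.0
EOF
```

On a live host, pass the real banner with `classify_openssl_version "$(openssl version)"`. Distribution packages often backport the fix without changing the upstream version number, so an "affected" result on a distribution build should be confirmed against the package changelog.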

Matrix42 products affected by the OpenSSL vulnerability

OpenSSL is only used in the following products; all other Matrix42 products are not affected.

Component | Matrix42 Risk evaluation | Required Actions/Recommendations | Note | Fixed Version | Mitigation
FireScope | Risk-free | None | Product not impacted | N/A | N/A
Empirum | Risk-free | None | Product not impacted | N/A | N/A
Silverback | Risk-free | None | Product not impacted | N/A | N/A

Next Steps

Matrix42 will continue to provide updates as necessary in this document.

Updates

Update 1 (2022-11-08)
Empirum is not affected by this vulnerability.

Change log

Date | Description of change
2022-11-03 | Initial publication
2022-11-08 | Update 1 - Empirum not affected