View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2022-3786 severity important: SUSE including 90 source package names (cargo-audit-advisory-db-20221102-1.1, cargo-audit-advisory-db-20250304-160000.2.2, …), 386 product×package rows across 55 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (55 product lines)): Known Not Affected 314, Fixed 72.
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.