{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T02:30:27.930","vulnerabilities":[{"cve":{"id":"CVE-2022-3996","sourceIdentifier":"openssl-security@openssl.org","published":"2022-12-13T16:15:22.007","lastModified":"2024-11-21T07:20:42.003","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"If an X.509 certificate contains a malformed policy constraint and\npolicy processing is enabled, then a write lock will be taken twice\nrecursively.  On some operating systems (most widely: Windows) this\nresults in a denial of service when the affected process hangs.  Policy\nprocessing being enabled on a publicly facing server is not considered\nto be a common setup.\n\nPolicy processing is enabled by passing the `-policy'\nargument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.\n\nUpdate (31 March 2023): The description of the policy processing enablement\nwas corrected based on CVE-2023-0466."},{"lang":"es","value":"Si un certificado X.509 contiene una restricción de política con formato incorrecto y el procesamiento de políticas está habilitado, se aplicará un bloqueo de escritura dos veces de forma recursiva. En algunos sistemas operativos (más ampliamente: Windows), esto resulta en una Denegación de Servicio (DoS) cuando el proceso afectado se bloquea. La habilitación del procesamiento de políticas en un servidor público no se considera una configuración común. El procesamiento de políticas se habilita pasando el argumento `-policy' a las utilidades de línea de comando o llamando a la función `X509_VERIFY_PARAM_set1_policies()'. Actualización (31 de marzo de 2023): la descripción de la habilitación del procesamiento de políticas se corrigió según CVE-2023-0466."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"openssl-security@openssl.org","type":"Secondary","description":[{"lang":"en","value":"CWE-667"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-667"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndIncluding":"3.0.7","matchCriteriaId":"26EF8A48-B8E5-4D4D-8054-445D65171EAC"}]}]}],"references":[{"url":"https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7","source":"openssl-security@openssl.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.openssl.org/news/secadv/20221213.txt","source":"openssl-security@openssl.org","tags":["Vendor Advisory"]},{"url":"https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20230203-0003/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.openssl.org/news/secadv/20221213.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}