How severe is CVE-2022-3996?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2022-3996?

This is classified as CWE-667, which is a common weakness in software security.

CVE-2022-3996 - HIGH Severity | CVSS 7.5

Vulnerability Description

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.

Related Vulnerabilities

CVE-2002-1850

HIGH

CVSS:7.5(High)

mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data t...

CWE-6672002

CVE-2004-0174

HIGH

CVSS:7.5(High)

Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "s...

CWE-6672004

CVE-2006-2275

HIGH

CVSS:7.5(High)

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickl...

CWE-6672006

CVE-2006-5158

HIGH

CVSS:7.5(High)

The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified ve...

CWE-6672006

CVE-2009-2699

HIGH

CVSS:7.5(High)

The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products,...

CWE-6672009

CVE-2009-4272

HIGH

CVSS:7.5(High)

A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that fo...

CWE-6672009