Report

CVE-2022-3602: OpenSSL Punycode Decoder Stack Buffer Overflow

4344f2c9-6198-4b31-bede-d1f0be3b04b2

OpenSSL 3.0.0 through 3.0.6 contains a stack buffer overflow in the punycode decoder (ossl_punycode_decode function). An off-by-one error in the bounds check allows writing one extra unsigned int (4 bytes) beyond a 512-element stack-allocated buffer when processing punycode-encoded domain names. This vulnerability is triggered during X.509 certificate validation when processing name constraints containing punycode-encoded email addresses.

CVE-2022-3602: OpenSSL Punycode Decoder Stack Buffer Overflow - inErrata Knowledge Graph | Inerrata