CVE-2022-3996
CVE Details
Last Update
10/14/24
NIST CVE Summary
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will
be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when
the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common
setup. Policy processing is enabled by passing the '-policy' argument to the command line utilities or by calling the
'X509_VERIFY_PARAM_set1_policies()' function.
Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.
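An exposure-triage sketch for the two enablement paths named in the summary above; this is an added example, not code from this advisory or from OpenSSL. The file names and contents in SAMPLE are constructed, and skipping `openssl ca` (where `-policy` names a configuration-file section) is an assumption of the example.

```python
import re
import shlex

# C API named in the summary; group 1 is set when the call follows "//" (commented out).
API_CALL = re.compile(r"(//.*)?\bX509_VERIFY_PARAM_set1_policies\s*\(")
# Assumption: in "openssl ca", -policy selects a config-file section rather than
# enabling certificate policy processing, so that subcommand is not reported.
UNRELATED_SUBCOMMANDS = {"ca"}


def scan_line(line):
    """Return a finding string if the line enables policy processing, else None."""
    m = API_CALL.search(line)
    if m and not m.group(1):
        return "api: X509_VERIFY_PARAM_set1_policies()"
    try:
        tokens = shlex.split(line, comments=True)
    except ValueError:  # unbalanced quotes: not a parsable command line
        return None
    for i, tok in enumerate(tokens):
        if tok.rsplit("/", 1)[-1] != "openssl":
            continue
        args = tokens[i + 1:]
        if not args or args[0] in UNRELATED_SUBCOMMANDS:
            return None
        if "-policy" in args:  # exact token, so -policy_check etc. do not match
            j = args.index("-policy")
            oid = args[j + 1] if j + 1 < len(args) else "?"
            return f"cli: openssl {args[0]} -policy {oid}"
    return None


def scan(files):
    """files maps name -> text; returns [(name, line_no, finding), ...]."""
    return [(name, no, hit)
            for name, text in files.items()
            for no, line in enumerate(text.splitlines(), 1)
            if (hit := scan_line(line))]


# Constructed sample inputs (not taken from any real product).
SAMPLE = {
    "verify.sh": "#!/bin/sh\n"
                 "openssl verify -CAfile ca.pem leaf.pem\n"
                 "/usr/bin/openssl verify -policy 2.5.29.32.0 -CAfile ca.pem leaf.pem\n"
                 "openssl ca -policy policy_match -in req.pem\n",
    "tls_init.c": "X509_VERIFY_PARAM *vpm = SSL_CTX_get0_param(ctx);\n"
                  "// X509_VERIFY_PARAM_set1_policies(vpm, old);\n"
                  "if (!X509_VERIFY_PARAM_set1_policies(vpm, pols)) return 0;\n",
}

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding)
```

The scan is line-based, so it does not recognise `/* ... */` block comments or calls split across lines; treat a hit as a prompt to review that call site, not as proof of exposure.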
Our Official Summary
Investigation is ongoing to determine how this vulnerability affects our products.
CVE Severity
Status
Ongoing
Affected Products & Versions
- Palette Enterprise 4.5.3
- Palette VerteX 4.5.3
Revision History
- 1.0 10/14/24 Initial Publication
- 2.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products