mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-15 22:04:38 +01:00
27 lines
1.0 KiB
Markdown
27 lines
1.0 KiB
Markdown
```toml
|
|
[advisory]
|
|
id = "RUSTSEC-2022-0027"
|
|
package = "openssl-src"
|
|
aliases = ["CVE-2022-1343", "GHSA-mfm6-r9g2-q4r7"]
|
|
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
|
|
categories = ["crypto-failure"]
|
|
date = "2022-05-03"
|
|
url = "https://www.openssl.org/news/secadv/20220503.txt"
|
|
|
|
[versions]
|
|
patched = [">= 300.0.6"]
|
|
unaffected = ["< 300.0"]
|
|
```
|
|
|
|
# `OCSP_basic_verify` may incorrectly verify the response signing certificate
|
|
|
|
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP
|
|
response. In the case where the (non-default) flag OCSP_NOCHECKS is used then
|
|
the response will be positive (meaning a successful verification) even in the
|
|
case where the response signing certificate fails to verify.
|
|
|
|
It is anticipated that most users of `OCSP_basic_verify` will not use the
|
|
OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return
|
|
a negative value (indicating a fatal error) in the case of a certificate
|
|
verification failure. The normal expected return value in this case would be 0.
|