
CVE-2022-3996: Denial of service by double-checked locking in openssl-src

CVSS Score: 7.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.40782%
Published: 12/13/2022
Updated: 10/2/2024
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name: openssl-src
Ecosystem: rust
Vulnerable Versions: >= 300.0.0, < 300.0.12
First Patched Version: 300.0.12

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from improper recursive locking in policy constraint handling. The commit diff shows the fix removed a CRYPTO_THREAD_write_lock() call in ossl_policy_cache_set_mapping, which was causing a double-lock scenario. This function is part of the policy processing logic triggered when X509_VERIFY_PARAM_add0_policy() or X509_VERIFY_PARAM_set1_policies() are used, but the actual locking vulnerability resides in ossl_policy_cache_set_mapping during certificate validation.
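The double-lock pattern described above, as an added Rust example that is not OpenSSL's or openssl-src's code. `PolicyCache`, the function names and the OID strings are constructed for illustration, and the model assumes the caller already holds the write lock when the mapping function runs. `try_write()` stands in for a blocking lock call so the conflict is reported instead of hanging.

```rust
use std::collections::HashMap;
use std::sync::{RwLock, TryLockError};

// Simplified model (assumption): a policy cache guarded by one non-recursive lock.
struct PolicyCache {
    mappings: HashMap<String, String>,
}

// Buggy shape: the callee takes the write lock again although its caller
// already holds it. A blocking write() here would never return.
fn set_mapping_relock(lock: &RwLock<PolicyCache>, from: &str, to: &str) -> Result<(), &'static str> {
    match lock.try_write() {
        Ok(mut cache) => {
            cache.mappings.insert(from.to_string(), to.to_string());
            Ok(())
        }
        Err(TryLockError::WouldBlock) => Err("write lock already held: write() would block forever"),
        Err(TryLockError::Poisoned(_)) => Err("lock poisoned"),
    }
}

// Fixed shape: the callee does no locking of its own and works on the
// cache that the caller has already locked.
fn set_mapping_locked(cache: &mut PolicyCache, from: &str, to: &str) {
    cache.mappings.insert(from.to_string(), to.to_string());
}

// Caller holds the write lock for the whole cache build, then calls the buggy callee.
fn build_cache_buggy(lock: &RwLock<PolicyCache>) -> Result<(), &'static str> {
    let _guard = lock.write().map_err(|_| "lock poisoned")?;
    set_mapping_relock(lock, "1.2.3.4", "1.2.3.5") // constructed OIDs
}

// Same caller, but it passes its locked view of the cache down to the callee.
fn build_cache_fixed(lock: &RwLock<PolicyCache>) -> usize {
    let mut guard = lock.write().expect("lock poisoned");
    set_mapping_locked(&mut guard, "1.2.3.4", "1.2.3.5");
    guard.mappings.len()
}

fn main() {
    let lock = RwLock::new(PolicyCache { mappings: HashMap::new() });
    println!("buggy: {:?}", build_cache_buggy(&lock));
    println!("fixed: {} mapping(s)", build_cache_fixed(&lock));
}
```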


WAF Protection Rules

WAF Rule

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected
