CVE-2022-48437
Severity CVSS v4.0:
Pending analysis
Type:
CWE-295
Improper Certificate Validation
Publication date:
12/04/2023
Last modified:
10/02/2025
Description
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:* | 3.6.1 (excluding) | |
| cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:* | 7.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.1-relnotes.txt
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/001_x509.patch.sig
- https://github.com/openbsd/src/commit/4f94258c65a918ee3d8670e93916d15bf879e6ec
- https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.1-relnotes.txt
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/001_x509.patch.sig
- https://github.com/openbsd/src/commit/4f94258c65a918ee3d8670e93916d15bf879e6ec