OpenSSL before buffer overflow

OpenSSL before buffer overflow

Advisory ID	CVE Number	Date discovered	Severity	Advisory revision
STORM-2022-026	CVE-2022-3602 , CVE-2022-3786	11/02/2022	medium	v1

Vulnerability details

Component OpenSSL is sensitive to buffer overflow.

Impacted products

Products	Severity	Detail
Stormshield Management Center	medium	HIgh

Revisions

Version	Date	Description
v1		Initial release

Stormshield Management Center

CVSS v3.1 Overall Score: 5.5

Analysis	Impacted version
Buffer overflow can lead a denial of service	SMC 3.3.1 and lower

Workaround solution	Solution
There is no workaround solution.	The 3.3.2 update will fix this vulnerability.

Attack Vector	Attack Complexity	Privileges Required	User Interaction	Scope	Confidentiality Impact	Integrity Impact	Availability impact
Local	High	None	None	Unchanged	None	None	High

CVSS Base score: 5.1	CVSS Vector: (AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Exploit Code Maturity	Remediation Level	Report Confidence
Unproven that exploit exists	Official fix	Unknown

CVSS Temporal score: 4.1	CVSS Vector: (AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:U)

Confidentiality Requirement	Integrity Requirement	Availability Requirement
Medium	High	High

CVSS Environmental score: 5.5	CVSS Vector: (AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:U/CR:M/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)

RSS Feed Contact Report a vulnerability Legal terms STORMSHIELD Corporate website Personal Data