As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.

Product support

Security Advisories

SUMMARY

Moxa’s Response Regarding the OpenSSL X.509 Email Address 4-byte Buffer Overflow Vulnerability (CVE-2022-3602)

  • Security Advisory ID: MPSA-221101
  • Version: V1.0
  • Release Date: Nov 04, 2022
  • Reference:

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. This occurs after the certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failing to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution.

Moxa has completed our review and determined that none of our products are impacted by this vulnerability.

AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

Moxa has determined that none of our products are affected.

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First Release Nov 04, 2022
  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag
Feedback