Sign In with your
Trend Micro Account

若您需要技術支援,請 按此建立案件。

SECURITY ALERT: OpenSSL 3.x X.509 Email Address Buffer Overflows (CVE-2022-3602, CVE-2022-3786)

    • 更新於:
    • 9 Feb 2023
    • 產品/版本:
    • 作業系統:
Updated on Feb. 9, 2023 to include updated product status

The OpenSSL Project team has formally disclosed two new vulnerabilities related to X.509 Email Address Buffer Overflows, with the formal assignments of CVE-2022-3602 and CVE-2022-3786). 

Earlier reports had indicated that at least one of the vulnerabilities were rated as CRITICAL, but based on further analysis, both have been downgraded to HIGH.  Nonetheless, users are still advised to upgrade to the newly released 3.0.7 version as soon as possible.

Trend Micro Research is assessing the newly released patch and available information to see what potential proactive protections can be put in place.  At this time, there are no known exploits in the wild of either of these vulnerabilities.

Additional Background Information

OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites. OpenSSL contains an open-source implementation of the SSL and TLS protocols (Wikipedia).

OpenSSL 3.0 was released in September 2021 and this latest version is included in the most recent versions of several popular Linux distributions.  OpenSSL is also widely used in security technology used to protect against Internet intrusions, but versions can vary widely depending on usage.

More specific background information can be found in the following Trend Micro blog:  Latest on OpenSSL 3.0.7 Critical Bug & Security Fix .

The most direct way for administrators to validate what version of OpenSSL they may have deployed is to utilize the following command:

openssl version

Please note this command is only for installed versions of OpenSSL and would not cover specific libraries that may be embedded or included as part of commercial applications.  Administrators should check with their application vendors for updated information on potential packages that may need updates. 

Using Trend Micro Products for Investigation

The following highlights several items that can be used by customers to investigation potential exposure to the vulnerabilities.
Trend Micro Vision One™

Trend Micro Vision One customers benefit from XDR detection capabilities of the underlying products such as Trend Micro Apex One.  The following outlines some of the components of Trend Micro Vision One that can be used for preparation and inventory:

Assessment > Security Assessment

As of November 2, 2022, Trend Micro Vision One customers now have access to a new Security Assessment that covers this new vulnerability.


Users who are not already Trend Micro Vision One customers can visit Trend Micro's Security Assessment Service Landing Page for more information on how to get access to the Security Assessment for a limited time.

Risk Insights > Executive Dashboard

Customers utilizing the Executive Dashboard component of Risk Insights can view pieces of proactive information about Trend Micro rules and mitigations, as well as act on potentially affected devices (if Vulnerability Detection is enabled). 



Please note, that similar to the openssl version command outlined above, the current detections cover only instance where OpenSSL is fully installed versus merely present as part of another application.
Trend Micro Cloud One™ - Container Security

Trend Micro Cloud One - Container Security customers can easily assess if any container running on Kubernetes clusters is impacted by the newly released vulnerabilities.  Please visit this article for further information: Using Trend Micro Cloud One - Container Security to Assess Contained Potentially Affected by OpenSSL 3.x Vulnerability.

Trend Micro Protection and Detection Against Exploitation

First and foremost, it is always highly recommended that users apply the vendor's patches when they become available and is feasible.  At this time, OpenSSL 3.0.7 has been released to address the issue.

In addition to the formal patch, Trend Micro has released some supplementary rules, filters and detection that may help provide additional protection against potential exploits. 
Preventative Rules, Filters & Detection
Trend Micro Cloud One - Workload Security and Deep Security IPS Rules
  • Rule 1011591 - OpenSSL 'ossl_punycode_decode' Buffer Overflow Vulnerability (CVE-2022-3602) - Client
  • Rule 1011590 - OpenSSL 'ossl_punycode_decode' Buffer Overflow Vulnerability (CVE-2022-3602) - Server

Trend Micro Cloud One - Network Security and TippingPoint Filters
  • Filter 41923: TLS: OpenSSL ossl_punycode_decode Buffer Overflow Vulnerability (Client)
  • Filter 41924: TLS: OpenSSL ossl_punycode_decode Buffer Overflow Vulnerability (Server)

Trend Micro Vulnerability Protection IPS Rules
  • Rule 1011591 - OpenSSL 'ossl_punycode_decode' Buffer Overflow Vulnerability (CVE-2022-3602) - Client
Trend Micro Deep Discovery Rules

Affected Trend Micro Products

Trend Micro is currently undergoing a proactive inventory of products and services that may have affected versions of OpenSSL 3.x. If any products are found to be affected / vulnerable, they will be listed here with information about potential mitigations.

The following chart lists products that have been found to be unaffected.  Additional products are still under evaluation.
Trend Micro Product/Service NameStatus
Apex CentralNot Affected
Apex Central as a ServiceNot Affected
Apex One (including Apex One as a Service)Not Affected
Cloud App SecurityResolved
Cloud EdgeNot Affected
Cloud One - Application SecurityNot Affected
Cloud One - Container SecurityNot Affected
Cloud One - File Storage SecurityNot Affected
Cloud One - Network SecurityNot Affected
Cloud One - SubscriptionNot Affected
Cloud One - User ManagementNot Affected
Cloud One - Workload SecurityNot Affected
DDAaaSNot Affected
Deep Discovery AnalyzerNot Affected
Deep Discovery DirectorNot Affected
Deep Discovery Email InspectorNot Affected
Deep Discovery InspectorNot Affected
Deep SecurityNot Affected
InterScan Messaging Security Virtual Appliance (IMSVA)Not Affected
InterScan Messaging SecurityNot Affected
InterScan Web Security SuiteNot Affected
InterScan Web Security Virtual ApplianceNot Affected
ScanMail for Domino (SMD) - LinuxAffected
Contact Trend Micro Support for Hotfix
ServerProtect For EMC CelerraNot Affected
ServerProtect For LinuxNot Affected
ServerProtect For Microsoft Windows/Novell NetWareNot Affected
ServerProtect For Network Appliance FilersNot Affected
ServerProtect For StorageNot Affected
TippingPoint IPS N-seriesNot Affected
TippingPoint IPS NX-seriesNot Affected
TippingPoint Network Protection (AWS)Not Affected
TippingPoint Network Protection (Azure)Not Affected
TippingPoint SMSNot Affected
TippingPoint TPSNot Affected
TippingPoint TX-SeriesNot Affected
TippingPoint Virtual SMSNot Affected
TippingPoint Virtual TPSNot Affected
TXOne - EdgeFireNot Affected
TXOne - EdgeIPS (including Pro)Not Affected
TXOne - ODCNot Affected
TXOne - StellarEncforceNot Affected
TXOne - StellarOneNot Affected
TXOne - StellerProtectNot Affected
Vision OneNot Affected
Worry-Free Business Security (including WF Services)Not Affected

Please continue to visit this article for updates.



Remove a Malware / Virus; Update



若您需要協助,請聯繫對應的技術支援窗口. 聯絡我們

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.