SBN

CVE-2022-3602 and CVE-2022-3786 OpenSSL Vulnerabilities: Scanning Container Images

On November 1st, 2022, OpenSSL announced a pair of High Severity vulnerabilities in version 3.0.0-3.0.6 of OpenSSL. The vulnerability is a buffer overflow that requires a very specific set of circumstances to be exploited. In some cases there is a possibility of remote code execution. However, it is important to note:

This occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer.

Since this requires either a misconfiguration of an OpenSSL server or the use of a CA-issued certificate to be abused, it is unlikely that most systems will be vulnerable to this attack. Additionally, buffer overflow protection in many operating systems will mitigate the vulnerability. 

To quote Rapid7’s blog:

For both scenarios, these kinds of attacks do not lend themselves well to widespread exploitation.

How do I find which containers are vulnerable?

Despite the low chance of exploitation, it is recommended that users update to the latest versions of containers that contain the patch. Fairwinds Insights, a Kubernetes governance platform can help identify vulnerabilities in any container images. 

Identifying where you are vulnerable in Fairwinds Insights is easy: 

  1. Navigate to the Vulnerabilities page

  2. Click the All Images tab

  3. Enter CVE-2022-3602 into the search box, then press Enter

  4. A list of affected images will appear in the table

Fairwinds Insights Vulnerabilities page

If you are interested in learning how Fairwinds Insights auto-scans for container vulnerabilities, get in touch

*** This is a Security Bloggers Network syndicated blog from Fairwinds | Blog authored by Joe Pelletier. Read the original post at: https://www.fairwinds.com/blog/cve-2022-3602-and-cve-2022-3786-openssl-vulnerabilities-scanning-container-images