PT-2023-15779 · OpenBSD +1 · LibreSSL +2

Ilya Shipitsin · Published 2022-11-05 · Updated 2023-09-16 · CVE-2022-48437

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
LibreSSL versions prior to 3.6.1
OpenBSD versions prior to 7.2 errata 001

Description
An issue was discovered in the x509/x509_verify.c file. The function x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, so an incorrect error is returned to the caller. This behavior occurs when an installed verification callback instructs the verifier to continue after it has detected an invalid certificate.

Recommendations
For LibreSSL versions prior to 3.6.1, update to version 3.6.1 or later to resolve the issue. For OpenBSD versions prior to 7.2 errata 001, apply the 7.2 errata 001 patch to resolve the issue. As a temporary workaround, consider disabling the installed verification callback that instructs the verifier to continue upon detecting an invalid certificate until a patch is available.
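The failure mode above matters to applications that install a "continue" verification callback in order to collect every chain problem and decide afterwards: if the verifier drops the leaf error, the error read back from the context after verification is not the one that was actually raised. The following added example (constructed for this advisory, not LibreSSL's x509_verify_ctx_add_chain or any code from the project) models that situation in a small self-contained verifier. The structures, the callback shape and the error code values are simplified stand-ins for X509_STORE_CTX, the X509_V_ERR_* family and the `int cb(int ok, X509_STORE_CTX *ctx)` callback; `store_leaf_error` is a model switch that reproduces the unfixed and fixed behavior. The defensive point it shows is that a continuing callback should record what it sees itself rather than rely solely on the error reported at the end.

```c
#include <stdio.h>

/* Constructed model; error code values are chosen for this example only. */
enum {
    V_OK = 0,
    V_ERR_CERT_HAS_EXPIRED = 10
};

typedef struct {
    const char *subject;
    int error;   /* error the verifier raises for this certificate, V_OK if clean */
} cert_t;

/* State owned by the application and filled in by its verification callback. */
typedef struct {
    int first_error;
    int first_depth;
    int failures;
} cb_state_t;

/* Callback shape modeled on int cb(int ok, X509_STORE_CTX *ctx): ok == 0 means the
 * verifier found a problem; returning 1 tells it to continue anyway. */
typedef int (*verify_cb)(int ok, int error, int depth, cb_state_t *st);

/* Defensive "continue" callback: records the first failure it is shown instead of
 * trusting whatever error the context reports once verification is over. */
int recording_continue_cb(int ok, int error, int depth, cb_state_t *st)
{
    if (!ok) {
        if (st->failures == 0) {
            st->first_error = error;
            st->first_depth = depth;
        }
        st->failures++;
    }
    return 1;   /* continue regardless */
}

/* Naive "continue" callback: waves every failure through and keeps no record. */
int blind_continue_cb(int ok, int error, int depth, cb_state_t *st)
{
    (void)ok; (void)error; (void)depth; (void)st;
    return 1;
}

/* Model verifier. Depth 0 is the leaf. With store_leaf_error == 0 it reproduces the
 * advisory's behavior: a leaf error is passed to the callback but never stored, so
 * the error reported afterwards is wrong. Returns 1 when every failure was waved
 * through by the callback, 0 when the callback refused. */
int verify_chain(const cert_t *chain, int n, int store_leaf_error,
                 verify_cb cb, cb_state_t *st, int *reported_error)
{
    int stored = V_OK;
    for (int depth = 0; depth < n; depth++) {
        int err = chain[depth].error;
        if (err == V_OK)
            continue;
        if (depth > 0 || store_leaf_error)
            stored = err;            /* leaf error is lost in the unfixed model */
        if (!cb(0, err, depth, st)) {
            *reported_error = err;
            return 0;                /* callback refused: hard failure */
        }
    }
    *reported_error = stored;
    return 1;
}

/* What the application should act on: the callback's own record, falling back to
 * the context error only when the callback recorded nothing. */
int effective_error(const cb_state_t *st, int reported_error)
{
    return st->failures > 0 ? st->first_error : reported_error;
}

/* Constructed scenario: an expired leaf chained to a valid issuer. */
static const cert_t sample_chain[] = {
    { "CN=example.test (leaf)",       V_ERR_CERT_HAS_EXPIRED },
    { "CN=Example Intermediate CA",   V_OK },
};

int run_scenario(int store_leaf_error, verify_cb cb, cb_state_t *st, int *reported)
{
    *st = (cb_state_t){ V_OK, -1, 0 };
    return verify_chain(sample_chain, 2, store_leaf_error, cb, st, reported);
}

/* Convenience wrappers returning the two values an application would compare. */
int scenario_reported(int store_leaf_error, verify_cb cb)
{
    cb_state_t st; int r;
    run_scenario(store_leaf_error, cb, &st, &r);
    return r;
}

int scenario_effective(int store_leaf_error, verify_cb cb)
{
    cb_state_t st; int r;
    run_scenario(store_leaf_error, cb, &st, &r);
    return effective_error(&st, r);
}

int main(void)
{
    printf("unfixed, blind callback:     reported=%d effective=%d\n",
           scenario_reported(0, blind_continue_cb), scenario_effective(0, blind_continue_cb));
    printf("unfixed, recording callback: reported=%d effective=%d\n",
           scenario_reported(0, recording_continue_cb), scenario_effective(0, recording_continue_cb));
    printf("fixed, recording callback:   reported=%d effective=%d\n",
           scenario_reported(1, recording_continue_cb), scenario_effective(1, recording_continue_cb));
    return 0;
}
```

In the unfixed model the blind callback leaves the application believing the chain verified cleanly (reported and effective error both V_OK) even though the leaf had expired; the recording callback still ends up with the correct error because it captured it at depth 0 when it was presented. After the fix the reported error and the callback's record agree, which is the condition a deployment can check for once the update is applied.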

Fix

Weakness Enumeration
Improper Certificate Validation

Related Identifiers

ALT-PU-2022-3009
ALT-PU-2023-4398
ALT-PU-2023-5593
CVE-2022-48437

Affected Products

ALT Linux
LibreSSL
OpenBSD