DEVELOPER?
Secure your code universe

Application security is a vast galaxy. Checkmarx DevHub can
help you navigate through it.

Best DevSec Tools in the Galaxy

For developers by developers

ChainAlert

Receive immediate notification if any of your npm packages are compromised by package hijacking!
- npm
- OSS
- SCA
- Supply Chain Security
Cool, I want it And I'll get it
JetBrains IDE

Identify vulnerable open-source dependencies and get remediation recommendations as you code in your favorite IDE
- Free download
- IDE plugin
- SCA
- Supply Chain Security
Cool, I want it And I'll get it
ChainJacking

Your Golang direct GitHub dependencies may be susceptible to ChainJacking attacks!
- Free download
- Supply Chain Security
Cool, I want it And I'll get it
KICS CLI

Integrate Infrastructure as Code (IaC) security into your SDLC
- CLI Tool
- Free download
- IaC
Cool, I want it And I'll get it
KICS SaaS

Is your Infrastructure as Code (IaC) vulnerable to attacks?
- IaC
Cool, I want it And I'll get it
KICS Auto Scanning VS Code Extension
- Free download
- IaC
- IDE plugin
Cool, I want it And I'll get it
DustiLock

Are your open-source dependencies susceptible to Dependency Confusion Attacks?
- OSS
- Supply Chain Security
Cool, I want it And I'll get it
CuteBoi

Track supply chain threat actor which has published 2500+ malicious packages.
- npm
- Supply Chain Security
- Threat Actor Tracker
Cool, I want it And I'll get it

Full impulse speed

Explore Advisory

Severity High Score 7.5/10

CVE-2022-3602

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in openssl - CVE-2022-3602

A Buffer Overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. This vulnerability affects OpenSSL versions 3.0.x prior to 3.0.7.
New blogpost

How NPM Packages Were Used to Spread Phishing Links
Upcoming Event
Virtual Developer Workshops - NA/EMEA

Explore real-world source code and third-party library vulnerabilities and how Checkmarx empowers Developers to quickly and easily remediate them
- Date Apr 06 2023, 11:00
- Location Online
Check this Tool
ChainJacking

Your Golang direct GitHub dependencies may be susceptible to ChainJacking attacks!
- Free download
- Supply Chain Security
Upcoming Event
Virtual Developer Workshops APAC

Explore real-world source code and third-party library vulnerabilities and how Checkmarx empowers Developers to quickly and easily remediate them
- Date Apr 06 2023, 09:00
- Location Online

DEVELOPER?Secure your code universe

For developers by developers

Full impulse speed

DEVELOPER?
Secure your code universe