The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Debian
  • Debian Linux
Fedoraproject
  • Fedora
Mariadb
  • Mariadb
Netapp
  • 500f
  • 500f Firmware
  • A250
  • A250 Firmware
  • Cloud Volumes Ontap Mediator
  • Clustered Data Ontap
  • Clustered Data Ontap Antivirus Connector
  • Santricity Smi-s Provider
  • Storagegrid
Nodejs
  • Node.js
Openssl
  • Openssl
Redhat
  • Acm
  • Enterprise Linux
  • Jboss Core Services
  • Jboss Enterprise Web Server
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Tus
  • Rhev Hypervisor
Tenable
  • Nessus

Configuration 1 [-]

OR cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 7 [-]

OR cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*

Configuration 8 [-]

OR cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*

Configuration 9 [-]

OR cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Package CPE Advisory Released Date
JBoss Core Services for RHEL 8
jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs cpe:/a:redhat:jboss_core_services:1::el8 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-curl-0:7.78.0-3.el8jbcs cpe:/a:redhat:jboss_core_services:1::el8 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs cpe:/a:redhat:jboss_core_services:1::el8 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs cpe:/a:redhat:jboss_core_services:1::el8 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs cpe:/a:redhat:jboss_core_services:1::el8 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs cpe:/a:redhat:jboss_core_services:1::el8 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs cpe:/a:redhat:jboss_core_services:1::el8 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs cpe:/a:redhat:jboss_core_services:1::el8 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs cpe:/a:redhat:jboss_core_services:1::el8 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs cpe:/a:redhat:jboss_core_services:1::el8 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs cpe:/a:redhat:jboss_core_services:1::el8 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs cpe:/a:redhat:jboss_core_services:1::el8 RHSA-2022:1389 2022-04-20T00:00:00Z
JBoss Core Services on RHEL 7
jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7 cpe:/a:redhat:jboss_core_services:1::el7 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7 cpe:/a:redhat:jboss_core_services:1::el7 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7 cpe:/a:redhat:jboss_core_services:1::el7 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7 cpe:/a:redhat:jboss_core_services:1::el7 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7 cpe:/a:redhat:jboss_core_services:1::el7 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7 cpe:/a:redhat:jboss_core_services:1::el7 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7 cpe:/a:redhat:jboss_core_services:1::el7 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7 cpe:/a:redhat:jboss_core_services:1::el7 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7 cpe:/a:redhat:jboss_core_services:1::el7 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7 cpe:/a:redhat:jboss_core_services:1::el7 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7 cpe:/a:redhat:jboss_core_services:1::el7 RHSA-2022:1389 2022-04-20T00:00:00Z
jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7 cpe:/a:redhat:jboss_core_services:1::el7 RHSA-2022:1389 2022-04-20T00:00:00Z
Red Hat Advanced Cluster Management for Kubernetes 2
acm-grafana-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
acm-must-gather-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
acm-operator-bundle-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
application-ui-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
assisted-image-service-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
cert-policy-controller-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
cluster-backup-operator-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
clusterclaims-controller-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
cluster-curator-controller-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
clusterlifecycle-state-metrics-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
cluster-proxy-addon-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
config-policy-controller-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
console-api-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
console-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
discovery-operator-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
endpoint-monitoring-operator-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
governance-policy-propagator-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
governance-policy-spec-sync-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
governance-policy-status-sync-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
governance-policy-template-sync-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
grafana-dashboard-loader-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
grc-ui-api-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
grc-ui-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
iam-policy-controller-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
insights-client-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
insights-metrics-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
klusterlet-addon-controller-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
klusterlet-addon-operator-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
kube-rbac-proxy-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
kube-state-metrics-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
managedcluster-import-controller-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
management-ingress-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
memcached-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
memcached-exporter-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
metrics-collector-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
multicloud-integrations-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
multicloud-manager-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
multiclusterhub-operator-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
multiclusterhub-repo-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
multicluster-observability-operator-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
multicluster-operators-application-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
multicluster-operators-channel-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
multicluster-operators-deployable-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
multicluster-operators-placementrule-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
multicluster-operators-subscription-operator-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
multicluster-operators-subscription-release-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
node-exporter-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
observatorium-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
observatorium-operator-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
openshift-hive-operator-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
placement-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
prometheus-alertmanager-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
prometheus-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
provider-credential-controller-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
rbac-query-proxy-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
redisgraph-tls-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
registration-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
registration-operator-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
rhacm-agent-service-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
rhacm-assisted-installer-agent-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
rhacm-assisted-installer-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
rhacm-assisted-installer-reporter-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
search-aggregator-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
search-api-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
search-collector-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
search-operator-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
search-ui-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
submariner-addon-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
thanos-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
thanos-receive-controller-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
volsync-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
volsync-mover-rclone-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
volsync-mover-restic-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
volsync-mover-rsync-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
work-container cpe:/a:redhat:acm:2.4::el8 RHSA-2022:1476 2022-04-21T00:00:00Z
acm-cluster-proxy-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
acm-governance-policy-addon-controller-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
acm-grafana-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
acm-must-gather-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
acm-operator-bundle-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
acm-prometheus-config-reloader-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
acm-prometheus-operator-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
acm-volsync-addon-controller-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
cert-policy-controller-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
cluster-backup-operator-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
cluster-proxy-addon-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
config-policy-controller-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
console-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
endpoint-monitoring-operator-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
governance-policy-propagator-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
governance-policy-spec-sync-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
governance-policy-status-sync-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
governance-policy-template-sync-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
grafana-dashboard-loader-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
iam-policy-controller-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
insights-client-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
insights-metrics-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
klusterlet-addon-controller-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
klusterlet-addon-operator-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
kube-rbac-proxy-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
kube-state-metrics-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
management-ingress-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
memcached-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
memcached-exporter-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
metrics-collector-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
multicloud-integrations-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
multiclusterhub-operator-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
multiclusterhub-repo-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
multicluster-observability-operator-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
multicluster-operators-application-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
multicluster-operators-channel-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
multicluster-operators-subscription-operator-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
node-exporter-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
observatorium-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
observatorium-operator-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
prometheus-alertmanager-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
prometheus-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
rbac-query-proxy-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
redisgraph-tls-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
search-aggregator-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
search-api-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
search-collector-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
search-operator-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
submariner-addon-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
thanos-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
thanos-receive-controller-container cpe:/a:redhat:acm:2.5::el8 RHSA-2022:4956 2022-06-09T00:00:00Z
Red Hat Enterprise Linux 6 Extended Lifecycle Support
openssl-0:1.0.1e-60.el6_10 cpe:/o:redhat:rhel_els:6 RHSA-2022:1073 2022-03-28T00:00:00Z
Red Hat Enterprise Linux 7
openssl-1:1.0.2k-25.el7_9 cpe:/o:redhat:enterprise_linux:7 RHSA-2022:1066 2022-03-28T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
openssl-1:1.0.1e-62.el7_3 cpe:/o:redhat:rhel_aus:7.3 RHSA-2022:1082 2022-03-28T00:00:00Z
Red Hat Enterprise Linux 7.4 Advanced Update Support
openssl-1:1.0.2k-10.el7_4 cpe:/o:redhat:rhel_aus:7.4 RHSA-2022:1076 2022-03-28T00:00:00Z
Red Hat Enterprise Linux 7.6 Advanced Update Support
openssl-1:1.0.2k-18.el7_6 cpe:/o:redhat:rhel_aus:7.6 RHSA-2022:1078 2022-03-28T00:00:00Z
Red Hat Enterprise Linux 7.6 Telco Extended Update Support
openssl-1:1.0.2k-18.el7_6 cpe:/o:redhat:rhel_tus:7.6 RHSA-2022:1078 2022-03-28T00:00:00Z
Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
openssl-1:1.0.2k-18.el7_6 cpe:/o:redhat:rhel_e4s:7.6 RHSA-2022:1078 2022-03-28T00:00:00Z
Red Hat Enterprise Linux 7.7 Advanced Update Support
openssl-1:1.0.2k-21.el7_7 cpe:/o:redhat:rhel_aus:7.7 RHSA-2022:1077 2022-03-28T00:00:00Z
Red Hat Enterprise Linux 7.7 Telco Extended Update Support
openssl-1:1.0.2k-21.el7_7 cpe:/o:redhat:rhel_tus:7.7 RHSA-2022:1077 2022-03-28T00:00:00Z
Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
openssl-1:1.0.2k-21.el7_7 cpe:/o:redhat:rhel_e4s:7.7 RHSA-2022:1077 2022-03-28T00:00:00Z
Red Hat Enterprise Linux 8
compat-openssl10-1:1.0.2o-4.el8_6 cpe:/a:redhat:enterprise_linux:8 RHSA-2022:5326 2022-06-30T00:00:00Z
openssl-1:1.1.1k-6.el8_5 cpe:/o:redhat:enterprise_linux:8 RHSA-2022:1065 2022-03-28T00:00:00Z
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
openssl-1:1.1.1c-5.el8_1.1 cpe:/o:redhat:rhel_e4s:8.1 RHSA-2022:1112 2022-03-29T00:00:00Z
Red Hat Enterprise Linux 8.2 Extended Update Support
openssl-1:1.1.1c-19.el8_2 cpe:/o:redhat:rhel_eus:8.2 RHSA-2022:1091 2022-03-29T00:00:00Z
Red Hat Enterprise Linux 8.4 Extended Update Support
openssl-1:1.1.1g-16.el8_4 cpe:/o:redhat:rhel_eus:8.4 RHSA-2022:1071 2022-03-28T00:00:00Z
Red Hat Enterprise Linux 9
compat-openssl11-1:1.1.1k-4.el9_0 cpe:/a:redhat:enterprise_linux:9 RHSA-2022:4899 2022-06-03T00:00:00Z
Red Hat JBoss Core Services 1
openssl cpe:/a:redhat:jboss_core_services:1 RHSA-2022:1390 2022-04-20T00:00:00Z
Red Hat JBoss Web Server 5
openssl cpe:/a:redhat:jboss_enterprise_web_server:5.6 RHSA-2022:1520 2022-05-02T00:00:00Z
Red Hat JBoss Web Server 5.6 on RHEL 7
jws5-tomcat-0:9.0.50-5.redhat_00007.1.el7jws cpe:/a:redhat:jboss_enterprise_web_server:5.6::el7 RHSA-2022:1519 2022-05-02T00:00:00Z
jws5-tomcat-native-0:1.2.30-4.redhat_4.el7jws cpe:/a:redhat:jboss_enterprise_web_server:5.6::el7 RHSA-2022:1519 2022-05-02T00:00:00Z
Red Hat JBoss Web Server 5.6 on RHEL 8
jws5-tomcat-0:9.0.50-5.redhat_00007.1.el8jws cpe:/a:redhat:jboss_enterprise_web_server:5.6::el8 RHSA-2022:1519 2022-05-02T00:00:00Z
jws5-tomcat-native-0:1.2.30-4.redhat_4.el8jws cpe:/a:redhat:jboss_enterprise_web_server:5.6::el8 RHSA-2022:1519 2022-05-02T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
redhat-virtualization-host-0:4.3.22-20220330.1.el7_9 cpe:/o:redhat:enterprise_linux:7::hypervisor RHSA-2022:1263 2022-04-07T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
redhat-virtualization-host-0:4.5.0-202205291010_8.6 cpe:/o:redhat:rhev_hypervisor:4.4::el8 RHSA-2022:4896 2022-06-03T00:00:00Z
References
Link Providers
http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html cve-icon cve-icon
http://seclists.org/fulldisclosure/2022/May/33 cve-icon cve-icon
http://seclists.org/fulldisclosure/2022/May/35 cve-icon cve-icon
http://seclists.org/fulldisclosure/2022/May/38 cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf cve-icon cve-icon
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65 cve-icon cve-icon
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83 cve-icon cve-icon
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-0778 cve-icon
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002 cve-icon cve-icon
https://security.gentoo.org/glsa/202210-02 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20220321-0002/ cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20220429-0005/ cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20240621-0006/ cve-icon cve-icon
https://support.apple.com/kb/HT213255 cve-icon cve-icon
https://support.apple.com/kb/HT213256 cve-icon cve-icon
https://support.apple.com/kb/HT213257 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-0778 cve-icon
https://www.debian.org/security/2022/dsa-5103 cve-icon cve-icon
https://www.openssl.org/news/secadv/20220315.txt cve-icon cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuapr2022.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujul2022.html cve-icon cve-icon
https://www.tenable.com/security/tns-2022-06 cve-icon cve-icon
https://www.tenable.com/security/tns-2022-07 cve-icon cve-icon
https://www.tenable.com/security/tns-2022-08 cve-icon cve-icon
https://www.tenable.com/security/tns-2022-09 cve-icon cve-icon
History

Sun, 08 Sep 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat acm
CPEs cpe:/a:redhat:acm:2.4::el8
cpe:/a:redhat:acm:2.5::el8
Vendors & Products Redhat acm

Mon, 19 Aug 2024 22:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.4::el8
cpe:/a:redhat:acm:2.5::el8
Vendors & Products Redhat acm
cve-icon MITRE

Status: PUBLISHED

Assigner: openssl

Published: 2022-03-15T17:05:20.382533Z

Updated: 2024-09-17T00:01:02.190Z

Reserved: 2022-02-28T00:00:00

Link: CVE-2022-0778

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-03-15T17:15:08.513

Modified: 2024-06-21T19:15:21.473

Link: CVE-2022-0778

cve-icon Redhat

Severity : Important

Publid Date: 2022-03-15T00:00:00Z

Links: CVE-2022-0778 - Bugzilla