exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2022-1473

Status Candidate

Overview

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).

Related Files

Gentoo Linux Security Advisory 202210-02
Posted Oct 17, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202210-2 - Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in denial of service. Versions less than 1.1.1q are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2020-1968, CVE-2021-3711, CVE-2021-3712, CVE-2021-4160, CVE-2022-0778, CVE-2022-1292, CVE-2022-1473, CVE-2022-2097
SHA-256 | e8a24ea6bd3d06d9f7c4b981793ddc01bf27c0b5de50f88e95ea9d23d62c2456
Red Hat Security Advisory 2022-6224-01
Posted Aug 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6224-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a code execution vulnerability.

tags | advisory, code execution, protocol
systems | linux, redhat
advisories | CVE-2022-1292, CVE-2022-1343, CVE-2022-1473, CVE-2022-2068, CVE-2022-2097
SHA-256 | 647502acba6e1f4ffdad854b5907359dbee61f52101031ae43a924968e013c02
Ubuntu Security Notice USN-5402-2
Posted May 26, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5402-2 - USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 16.04 ESM. Elison Niven discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run. Aliaksei Levin discovered that OpenSSL incorrectly handled resources when decoding certificates and keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-1292, CVE-2022-1473
SHA-256 | 38897d1c35ed3fd17bf48d11add588afe226f3e13ae49956791b9fd6a4337cd4
Ubuntu Security Notice USN-5402-1
Posted May 4, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5402-1 - Elison Niven discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run. Raul Metsma discovered that OpenSSL incorrectly verified certain response signing certificates. A remote attacker could possibly use this issue to spoof certain response signing certificates. This issue only affected Ubuntu 22.04 LTS.

tags | advisory, remote, arbitrary, local, spoof
systems | linux, ubuntu
advisories | CVE-2022-1292, CVE-2022-1343, CVE-2022-1434, CVE-2022-1473
SHA-256 | 9f908328ff337686f5d5cffc66667d81dbd3b4ce35629e2bd3050e7444f1fd8b
OpenSSL Toolkit 3.0.3
Posted May 3, 2022
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.

Changes: Fixed a bug in the c_rehash script which was not properly sanitizing shell metacharacters to prevent command injection. Fixed a bug in the function OCSP_basic_verify that verifies the signer certificate on an OCSP response. Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the AAD data as the MAC key. Fixed a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory occupied by the removed hash table entries.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2022-1292, CVE-2022-1343, CVE-2022-1434, CVE-2022-1473
SHA-256 | ee0078adcef1de5f003c62c80cc96527721609c6f3bb42b7795df31f8b558c0b
OpenSSL Security Advisory 20220503
Posted May 3, 2022
Site openssl.org

OpenSSL Security Advisory 20220503 - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Other issues were also addressed.

tags | advisory, arbitrary, shell
advisories | CVE-2022-1292, CVE-2022-1343, CVE-2022-1434, CVE-2022-1473
SHA-256 | da0a32c3df546638b4876fba11798d7c64bce5b0a32daab04ad8becaec7a0d51
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close