what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2022-1473

Status Candidate

Overview

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).

Related Files

Gentoo Linux Security Advisory 202210-02
Posted Oct 17, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202210-2 - Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in denial of service. Versions less than 1.1.1q are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2020-1968, CVE-2021-3711, CVE-2021-3712, CVE-2021-4160, CVE-2022-0778, CVE-2022-1292, CVE-2022-1473, CVE-2022-2097
SHA-256 | e8a24ea6bd3d06d9f7c4b981793ddc01bf27c0b5de50f88e95ea9d23d62c2456
Red Hat Security Advisory 2022-6224-01
Posted Aug 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6224-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a code execution vulnerability.

tags | advisory, code execution, protocol
systems | linux, redhat
advisories | CVE-2022-1292, CVE-2022-1343, CVE-2022-1473, CVE-2022-2068, CVE-2022-2097
SHA-256 | 647502acba6e1f4ffdad854b5907359dbee61f52101031ae43a924968e013c02
Ubuntu Security Notice USN-5402-2
Posted May 26, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5402-2 - USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 16.04 ESM. Elison Niven discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run. Aliaksei Levin discovered that OpenSSL incorrectly handled resources when decoding certificates and keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-1292, CVE-2022-1473
SHA-256 | 38897d1c35ed3fd17bf48d11add588afe226f3e13ae49956791b9fd6a4337cd4
Ubuntu Security Notice USN-5402-1
Posted May 4, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5402-1 - Elison Niven discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run. Raul Metsma discovered that OpenSSL incorrectly verified certain response signing certificates. A remote attacker could possibly use this issue to spoof certain response signing certificates. This issue only affected Ubuntu 22.04 LTS.

tags | advisory, remote, arbitrary, local, spoof
systems | linux, ubuntu
advisories | CVE-2022-1292, CVE-2022-1343, CVE-2022-1434, CVE-2022-1473
SHA-256 | 9f908328ff337686f5d5cffc66667d81dbd3b4ce35629e2bd3050e7444f1fd8b
OpenSSL Toolkit 3.0.3
Posted May 3, 2022
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.

Changes: Fixed a bug in the c_rehash script which was not properly sanitizing shell metacharacters to prevent command injection. Fixed a bug in the function OCSP_basic_verify that verifies the signer certificate on an OCSP response. Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the AAD data as the MAC key. Fixed a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory occupied by the removed hash table entries.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2022-1292, CVE-2022-1343, CVE-2022-1434, CVE-2022-1473
SHA-256 | ee0078adcef1de5f003c62c80cc96527721609c6f3bb42b7795df31f8b558c0b
OpenSSL Security Advisory 20220503
Posted May 3, 2022
Site openssl.org

OpenSSL Security Advisory 20220503 - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Other issues were also addressed.

tags | advisory, arbitrary, shell
advisories | CVE-2022-1292, CVE-2022-1343, CVE-2022-1434, CVE-2022-1473
SHA-256 | da0a32c3df546638b4876fba11798d7c64bce5b0a32daab04ad8becaec7a0d51
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close