Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/78216?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/78216?format=api", "purl": "pkg:ebuild/dev-libs/openssl@1.1.1q", "type": "ebuild", "namespace": "dev-libs", "name": "openssl", "version": "1.1.1q", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.0.7", "latest_non_vulnerable_version": "3.0.10", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11082?format=api", "vulnerability_id": "VCID-1mkj-94qc-zqgn", "summary": "Buffer Overflow\nIn order to decrypt SM2 encrypted data an application is expected to call the API function `EVP_PKEY_decrypt()`. Typically an application will call this function twice. The first time, on entry, the `out` parameter can be NULL and, on exit, the `outlen` parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call `EVP_PKEY_decrypt()` again, but this time passing a non-NULL value for the `out` parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to `EVP_PKEY_decrypt()` can be smaller than the actual size required by the second call. This can lead to a buffer overflow when `EVP_PKEY_decrypt()` is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3711.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3711.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3711", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02293", "scoring_system": "epss", "scoring_elements": "0.84644", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02293", "scoring_system": "epss", "scoring_elements": "0.84702", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02293", "scoring_system": "epss", "scoring_elements": "0.8468", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02293", "scoring_system": "epss", "scoring_elements": "0.84679", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02293", "scoring_system": "epss", "scoring_elements": "0.84658", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02373", "scoring_system": "epss", "scoring_elements": "0.84984", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02373", "scoring_system": "epss", "scoring_elements": "0.85017", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02373", "scoring_system": "epss", "scoring_elements": "0.8501", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02544", "scoring_system": "epss", "scoring_elements": "0.85462", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02544", "scoring_system": "epss", "scoring_elements": "0.855", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02544", "scoring_system": "epss", "scoring_elements": "0.85471", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02544", "scoring_system": "epss", "scoring_elements": "0.85495", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02544", "scoring_system": "epss", "scoring_elements": "0.85475", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02544", "scoring_system": "epss", "scoring_elements": "0.85476", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3711" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46" }, { "reference_url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2021-0097.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2021-0097.html" }, { "reference_url": "https://security.gentoo.org/glsa/202209-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202209-02" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210827-0010", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210827-0010" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211022-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20211022-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240621-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4963", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4963" }, { "reference_url": "https://www.openssl.org/news/secadv/20210824.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openssl.org/news/secadv/20210824.txt" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://www.tenable.com/security/tns-2021-16", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/security/tns-2021-16" }, { "reference_url": "https://www.tenable.com/security/tns-2022-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/security/tns-2022-02" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/08/26/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995623", "reference_id": "1995623", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995623" }, { "reference_url": "https://security.archlinux.org/AVG-2315", "reference_id": "AVG-2315", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2315" }, { "reference_url": "https://security.archlinux.org/AVG-2316", "reference_id": "AVG-2316", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2316" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3711", "reference_id": "CVE-2021-3711", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3711" }, { "reference_url": "https://github.com/advisories/GHSA-5ww6-px42-wc85", "reference_id": "GHSA-5ww6-px42-wc85", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5ww6-px42-wc85" }, { "reference_url": "https://security.gentoo.org/glsa/202210-02", "reference_id": "GLSA-202210-02", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202210-02" }, { "reference_url": "https://usn.ubuntu.com/5051-1/", "reference_id": "USN-5051-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5051-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78216?format=api", "purl": "pkg:ebuild/dev-libs/openssl@1.1.1q", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/openssl@1.1.1q" } ], "aliases": [ "CVE-2021-3711", "GHSA-5ww6-px42-wc85" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1mkj-94qc-zqgn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50397?format=api", "vulnerability_id": "VCID-aa9w-ntqw-pfbt", "summary": "Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1968.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1968.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1968", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77512", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77506", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77471", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77478", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.7748", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01278", "scoring_system": "epss", "scoring_elements": "0.79511", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01278", "scoring_system": "epss", "scoring_elements": "0.79518", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01278", "scoring_system": "epss", "scoring_elements": "0.7954", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01278", "scoring_system": "epss", "scoring_elements": "0.79527", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01278", "scoring_system": "epss", "scoring_elements": "0.79555", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01278", "scoring_system": "epss", "scoring_elements": "0.79563", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01278", "scoring_system": "epss", "scoring_elements": "0.79585", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01278", "scoring_system": "epss", "scoring_elements": "0.79569", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01278", "scoring_system": "epss", "scoring_elements": "0.7956", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1968" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1968" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.openssl.org/news/secadv/20200909.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:10:30Z/" } ], "url": "https://www.openssl.org/news/secadv/20200909.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877458", "reference_id": "1877458", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877458" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1968", "reference_id": "CVE-2020-1968", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1968" }, { "reference_url": "https://security.gentoo.org/glsa/202210-02", "reference_id": "GLSA-202210-02", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:10:30Z/" } ], "url": "https://security.gentoo.org/glsa/202210-02" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00016.html", "reference_id": "msg00016.html", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:10:30Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00016.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200911-0004/", "reference_id": "ntap-20200911-0004", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:10:30Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20200911-0004/" }, { "reference_url": "https://usn.ubuntu.com/4504-1/", "reference_id": "USN-4504-1", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:10:30Z/" } ], "url": "https://usn.ubuntu.com/4504-1/" }, { "reference_url": "https://usn.ubuntu.com/7018-1/", "reference_id": "USN-7018-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7018-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78216?format=api", "purl": "pkg:ebuild/dev-libs/openssl@1.1.1q", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/openssl@1.1.1q" } ], "aliases": [ "CVE-2020-1968" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aa9w-ntqw-pfbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50398?format=api", "vulnerability_id": "VCID-frd6-gt2a-afhv", "summary": "Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2097.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2097.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2097", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54836", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54829", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54876", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54879", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.5486", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54887", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54884", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54847", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.5487", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54888", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66408", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66393", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.6637", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2097" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/alexcrichton/openssl-src-rs", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/alexcrichton/openssl-src-rs" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2097", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2097" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2022-0032.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2022-0032.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220715-0011", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220715-0011" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230420-0008", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230420-0008" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240621-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5343", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5343" }, { "reference_url": "https://www.openssl.org/news/secadv/20220705.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/" } ], "url": "https://www.openssl.org/news/secadv/20220705.txt" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023424", "reference_id": "1023424", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023424" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104905", "reference_id": "2104905", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104905" }, { "reference_url": "https://github.com/advisories/GHSA-3wx7-46ch-7rq2", "reference_id": "GHSA-3wx7-46ch-7rq2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3wx7-46ch-7rq2" }, { "reference_url": "https://security.gentoo.org/glsa/202210-02", "reference_id": "GLSA-202210-02", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/" } ], "url": "https://security.gentoo.org/glsa/202210-02" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220715-0011/", "reference_id": "ntap-20220715-0011", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220715-0011/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230420-0008/", "reference_id": "ntap-20230420-0008", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230420-0008/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/", "reference_id": "R6CK57NBQFTPUMXAPJURCGXUYT76NQAK", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5818", "reference_id": "RHSA-2022:5818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6224", "reference_id": "RHSA-2022:6224", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6224" }, { "reference_url": "https://usn.ubuntu.com/5502-1/", "reference_id": "USN-5502-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5502-1/" }, { "reference_url": "https://usn.ubuntu.com/6457-1/", "reference_id": "USN-6457-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6457-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/", "reference_id": "V6567JERRHHJW2GNGJGKDRNHR7SNPZK7", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", "reference_id": "VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78216?format=api", "purl": "pkg:ebuild/dev-libs/openssl@1.1.1q", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/openssl@1.1.1q" } ], "aliases": [ "CVE-2022-2097", "GHSA-3wx7-46ch-7rq2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-frd6-gt2a-afhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13325?format=api", "vulnerability_id": "VCID-gsbn-6t86-7kf9", "summary": "Loop with Unreachable Exit Condition ('Infinite Loop')\nThe BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters", "references": [ { "reference_url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05863", "scoring_system": "epss", "scoring_elements": "0.90592", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.06432", "scoring_system": "epss", "scoring_elements": "0.91023", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06486", "scoring_system": "epss", "scoring_elements": "0.91133", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.07109", "scoring_system": "epss", "scoring_elements": "0.91532", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07109", "scoring_system": "epss", "scoring_elements": "0.91526", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07109", "scoring_system": "epss", "scoring_elements": "0.91513", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07128", "scoring_system": "epss", "scoring_elements": "0.91567", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.07128", "scoring_system": "epss", "scoring_elements": "0.91562", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.07394", "scoring_system": "epss", "scoring_elements": "0.91701", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07394", "scoring_system": "epss", "scoring_elements": "0.91693", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07807", "scoring_system": "epss", "scoring_elements": "0.91978", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.08117", "scoring_system": "epss", "scoring_elements": "0.92165", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.08117", "scoring_system": "epss", "scoring_elements": "0.92166", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0778" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778" }, { "reference_url": "http://seclists.org/fulldisclosure/2022/May/33", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "reference_url": "http://seclists.org/fulldisclosure/2022/May/35", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "reference_url": "http://seclists.org/fulldisclosure/2022/May/38", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2022-0014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2022-0014.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220321-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220321-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220321-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220321-0002/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220429-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220429-0005" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240621-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006" }, { "reference_url": "https://support.apple.com/kb/HT213255", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT213255" }, { "reference_url": "https://support.apple.com/kb/HT213256", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT213256" }, { "reference_url": "https://support.apple.com/kb/HT213257", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT213257" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5103", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2022/dsa-5103" }, { "reference_url": "https://www.openssl.org/news/secadv/20220315.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openssl.org/news/secadv/20220315.txt" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.tenable.com/security/tns-2022-06", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/security/tns-2022-06" }, { "reference_url": "https://www.tenable.com/security/tns-2022-07", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/security/tns-2022-07" }, { "reference_url": "https://www.tenable.com/security/tns-2022-08", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/security/tns-2022-08" }, { "reference_url": "https://www.tenable.com/security/tns-2022-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/security/tns-2022-09" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062202", "reference_id": "2062202", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062202" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778", "reference_id": "CVE-2022-0778", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778" }, { "reference_url": "https://github.com/advisories/GHSA-x3mh-jvjw-3xwx", "reference_id": "GHSA-x3mh-jvjw-3xwx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x3mh-jvjw-3xwx" }, { "reference_url": "https://security.gentoo.org/glsa/202210-02", "reference_id": "GLSA-202210-02", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202210-02" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1065", "reference_id": "RHSA-2022:1065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1066", "reference_id": "RHSA-2022:1066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1071", "reference_id": "RHSA-2022:1071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1073", "reference_id": "RHSA-2022:1073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1076", "reference_id": "RHSA-2022:1076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1077", "reference_id": "RHSA-2022:1077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1078", "reference_id": "RHSA-2022:1078", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1078" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1082", "reference_id": "RHSA-2022:1082", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1082" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1091", "reference_id": "RHSA-2022:1091", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1091" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1112", "reference_id": "RHSA-2022:1112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1263", "reference_id": "RHSA-2022:1263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1389", "reference_id": "RHSA-2022:1389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1390", "reference_id": "RHSA-2022:1390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1390" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1519", "reference_id": "RHSA-2022:1519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1520", "reference_id": "RHSA-2022:1520", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1520" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4896", "reference_id": "RHSA-2022:4896", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4896" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4899", "reference_id": "RHSA-2022:4899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5326", "reference_id": "RHSA-2022:5326", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5326" }, { "reference_url": "https://usn.ubuntu.com/5328-1/", "reference_id": "USN-5328-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5328-1/" }, { "reference_url": "https://usn.ubuntu.com/5328-2/", "reference_id": "USN-5328-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5328-2/" }, { "reference_url": "https://usn.ubuntu.com/6457-1/", "reference_id": "USN-6457-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6457-1/" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78216?format=api", "purl": "pkg:ebuild/dev-libs/openssl@1.1.1q", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/openssl@1.1.1q" } ], "aliases": [ "CVE-2022-0778", "GHSA-x3mh-jvjw-3xwx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gsbn-6t86-7kf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12414?format=api", "vulnerability_id": "VCID-myuq-u3as-g3ah", "summary": "Carry Propagation bug\nThere is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4160.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53163", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53188", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53291", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53284", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53247", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53264", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53278", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53227", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53233", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53212", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.5318", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61812", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61799", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.61794", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3bf7b73ea7123045b8f972badc67ed6878e6c37f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3bf7b73ea7123045b8f972badc67ed6878e6c37f" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6fc1aaaf303185aa5e483e06bdfae16daa9193a7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6fc1aaaf303185aa5e483e06bdfae16daa9193a7" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb" }, { "reference_url": "https://www.openssl.org/news/secadv/20220128.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T15:29:13Z/" } ], "url": "https://www.openssl.org/news/secadv/20220128.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048651", "reference_id": "2048651", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048651" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4160", "reference_id": "CVE-2021-4160", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4160" }, { "reference_url": "https://security.gentoo.org/glsa/202210-02", "reference_id": "GLSA-202210-02", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T15:29:13Z/" } ], "url": "https://security.gentoo.org/glsa/202210-02" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f", "reference_id": "?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T15:29:13Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7", "reference_id": "?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T15:29:13Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb", "reference_id": "?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T15:29:13Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78216?format=api", "purl": "pkg:ebuild/dev-libs/openssl@1.1.1q", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/openssl@1.1.1q" } ], "aliases": [ "CVE-2021-4160" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-myuq-u3as-g3ah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11076?format=api", "vulnerability_id": "VCID-nr5y-ve9m-zfeh", "summary": "Out-of-bounds Read\nASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3712.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3712.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3712", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61526", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61508", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61523", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61461", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61555", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61386", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61462", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.6149", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61551", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.6151", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61531", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00413", "scoring_system": "epss", "scoring_elements": "0.61544", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0046", "scoring_system": "epss", "scoring_elements": "0.6417", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00561", "scoring_system": "epss", "scoring_elements": "0.68314", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3712" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:11:09Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:11:09Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:11:09Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:11:09Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10366", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:11:09Z/" } ], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10366" }, { "reference_url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:11:09Z/" } ], "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:11:09Z/" } ], "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:11:09Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:11:09Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2021-0098.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2021-0098.html" }, { "reference_url": "https://security.gentoo.org/glsa/202209-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:11:09Z/" } ], "url": "https://security.gentoo.org/glsa/202209-02" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210827-0010", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210827-0010" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210827-0010/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:11:09Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210827-0010/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240621-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4963", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:11:09Z/" } ], "url": "https://www.debian.org/security/2021/dsa-4963" }, { "reference_url": "https://www.openssl.org/news/secadv/20210824.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:11:09Z/" } ], "url": "https://www.openssl.org/news/secadv/20210824.txt" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:11:09Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:11:09Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:11:09Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://www.tenable.com/security/tns-2021-16", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:11:09Z/" } ], "url": "https://www.tenable.com/security/tns-2021-16" }, { "reference_url": "https://www.tenable.com/security/tns-2022-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:11:09Z/" } ], "url": "https://www.tenable.com/security/tns-2022-02" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/08/26/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:11:09Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995634", "reference_id": "1995634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995634" }, { "reference_url": "https://security.archlinux.org/AVG-2315", "reference_id": "AVG-2315", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2315" }, { "reference_url": "https://security.archlinux.org/AVG-2316", "reference_id": "AVG-2316", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2316" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3712", "reference_id": "CVE-2021-3712", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3712" }, { "reference_url": "https://github.com/advisories/GHSA-q9wj-f4qw-6vfj", "reference_id": "GHSA-q9wj-f4qw-6vfj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q9wj-f4qw-6vfj" }, { "reference_url": "https://security.gentoo.org/glsa/202210-02", "reference_id": "GLSA-202210-02", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-16T14:11:09Z/" } ], "url": "https://security.gentoo.org/glsa/202210-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4861", "reference_id": "RHSA-2021:4861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4863", "reference_id": "RHSA-2021:4863", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5226", "reference_id": "RHSA-2021:5226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0064", "reference_id": "RHSA-2022:0064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0064" }, { "reference_url": "https://usn.ubuntu.com/5051-1/", "reference_id": "USN-5051-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5051-1/" }, { "reference_url": "https://usn.ubuntu.com/5051-2/", "reference_id": "USN-5051-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5051-2/" }, { "reference_url": "https://usn.ubuntu.com/5051-3/", "reference_id": "USN-5051-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5051-3/" }, { "reference_url": "https://usn.ubuntu.com/5088-1/", "reference_id": "USN-5088-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5088-1/" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78216?format=api", "purl": "pkg:ebuild/dev-libs/openssl@1.1.1q", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/openssl@1.1.1q" } ], "aliases": [ "CVE-2021-3712", "GHSA-q9wj-f4qw-6vfj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nr5y-ve9m-zfeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14307?format=api", "vulnerability_id": "VCID-q2ae-5r8q-3fbv", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nThe `c_rehash` script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the `c_rehash` script is considered obsolete and should be replaced by the OpenSSL `rehash` command line tool.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1292.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1292.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1292", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.38986", "scoring_system": "epss", "scoring_elements": "0.97284", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.38986", "scoring_system": "epss", "scoring_elements": "0.97246", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.38986", "scoring_system": "epss", "scoring_elements": "0.97283", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.38986", "scoring_system": "epss", "scoring_elements": "0.97265", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.38986", "scoring_system": "epss", "scoring_elements": "0.97258", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.38986", "scoring_system": "epss", "scoring_elements": "0.97252", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.38986", "scoring_system": "epss", "scoring_elements": "0.97281", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.38986", "scoring_system": "epss", "scoring_elements": "0.97278", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.38986", "scoring_system": "epss", "scoring_elements": "0.97257", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.38986", "scoring_system": "epss", "scoring_elements": "0.97271", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.38986", "scoring_system": "epss", "scoring_elements": "0.9727", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.38986", "scoring_system": "epss", "scoring_elements": "0.97269", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.38986", "scoring_system": "epss", "scoring_elements": "0.97266", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1292" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23" }, { "reference_url": "https://www.openssl.org/news/secadv/20220503.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/" } ], "url": "https://www.openssl.org/news/secadv/20220503.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081494", "reference_id": "2081494", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081494" }, { "reference_url": "https://security.archlinux.org/AVG-2702", "reference_id": "AVG-2702", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2702" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1292", "reference_id": "CVE-2022-1292", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1292" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5139", "reference_id": "dsa-5139", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5139" }, { "reference_url": "https://security.gentoo.org/glsa/202210-02", "reference_id": "GLSA-202210-02", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/" } ], "url": "https://security.gentoo.org/glsa/202210-02" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html", "reference_id": "msg00019.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2", "reference_id": "?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb", "reference_id": "?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23", "reference_id": "?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5818", "reference_id": "RHSA-2022:5818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6224", "reference_id": "RHSA-2022:6224", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6224" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8913", "reference_id": "RHSA-2022:8913", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8913" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8917", "reference_id": "RHSA-2022:8917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5931", "reference_id": "RHSA-2023:5931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5979", "reference_id": "RHSA-2023:5979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5980", "reference_id": "RHSA-2023:5980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5982", "reference_id": "RHSA-2023:5982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011", "reference_id": "SNWLID-2022-0011", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011" }, { "reference_url": "https://usn.ubuntu.com/5402-1/", "reference_id": "USN-5402-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5402-1/" }, { "reference_url": "https://usn.ubuntu.com/5402-2/", "reference_id": "USN-5402-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5402-2/" }, { "reference_url": "https://usn.ubuntu.com/6457-1/", "reference_id": "USN-6457-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6457-1/" }, { "reference_url": "https://usn.ubuntu.com/7018-1/", "reference_id": "USN-7018-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7018-1/" }, { "reference_url": "https://usn.ubuntu.com/7060-1/", "reference_id": "USN-7060-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7060-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/", "reference_id": "VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/", "reference_id": "ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78216?format=api", "purl": "pkg:ebuild/dev-libs/openssl@1.1.1q", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/openssl@1.1.1q" } ], "aliases": [ "CVE-2022-1292" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q2ae-5r8q-3fbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14305?format=api", "vulnerability_id": "VCID-zhwv-pq2x-8bey", "summary": "Improper Resource Shutdown or Release\nThe `OPENSSL_LH_flush()` function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1473.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1473.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50979", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.50971", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51023", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56037", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.55926", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56058", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56036", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56087", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.5609", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56102", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56079", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56062", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56097", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56099", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1473" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/github/advisory-database/issues/405", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/issues/405" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=64c85430f95200b6b51fe9475bd5203f7c19daf1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=64c85430f95200b6b51fe9475bd5203f7c19daf1" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2022-0025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2022-0025.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220602-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220602-0009" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220602-0009/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220602-0009/" }, { "reference_url": "https://www.openssl.org/news/secadv/20220503.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/" } ], "url": "https://www.openssl.org/news/secadv/20220503.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087913", "reference_id": "2087913", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087913" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1473", "reference_id": "CVE-2022-1473", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1473" }, { "reference_url": "https://github.com/advisories/GHSA-g323-fr93-4j3c", "reference_id": "GHSA-g323-fr93-4j3c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g323-fr93-4j3c" }, { "reference_url": "https://security.gentoo.org/glsa/202210-02", "reference_id": "GLSA-202210-02", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/" } ], "url": "https://security.gentoo.org/glsa/202210-02" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1", "reference_id": "?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6224", "reference_id": "RHSA-2022:6224", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6224" }, { "reference_url": "https://usn.ubuntu.com/5402-1/", "reference_id": "USN-5402-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5402-1/" }, { "reference_url": "https://usn.ubuntu.com/5402-2/", "reference_id": "USN-5402-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5402-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78216?format=api", "purl": "pkg:ebuild/dev-libs/openssl@1.1.1q", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/openssl@1.1.1q" } ], "aliases": [ "CVE-2022-1473", "GHSA-g323-fr93-4j3c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zhwv-pq2x-8bey" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/openssl@1.1.1q" }