Search for packages
| purl | pkg:rpm/redhat/openssl@1:3.0.1-41?arch=el9_0 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-95ub-7a6n-afdg
Aliases: CVE-2022-2068 |
openssl: the c_rehash script allows command injection | There are no reported fixed by versions. |
|
VCID-frd6-gt2a-afhv
Aliases: CVE-2022-2097 GHSA-3wx7-46ch-7rq2 |
Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in denial of service. | There are no reported fixed by versions. |
|
VCID-q2ae-5r8q-3fbv
Aliases: CVE-2022-1292 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') The `c_rehash` script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the `c_rehash` script is considered obsolete and should be replaced by the OpenSSL `rehash` command line tool. | There are no reported fixed by versions. |
|
VCID-ttju-tw1d-f3ay
Aliases: CVE-2022-1343 GHSA-mfm6-r9g2-q4r7 |
Improper Certificate Validation The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL "ocsp" application. When verifying an ocsp response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). | There are no reported fixed by versions. |
|
VCID-zhwv-pq2x-8bey
Aliases: CVE-2022-1473 GHSA-g323-fr93-4j3c |
Improper Resource Shutdown or Release The `OPENSSL_LH_flush()` function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:58:42.099928+00:00 | RedHat Importer | Affected by | VCID-zhwv-pq2x-8bey | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1473.json | 38.0.0 |
| 2026-04-01T13:58:42.054175+00:00 | RedHat Importer | Affected by | VCID-ttju-tw1d-f3ay | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1343.json | 38.0.0 |
| 2026-04-01T13:58:41.422187+00:00 | RedHat Importer | Affected by | VCID-q2ae-5r8q-3fbv | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1292.json | 38.0.0 |
| 2026-04-01T13:58:08.610539+00:00 | RedHat Importer | Affected by | VCID-95ub-7a6n-afdg | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2068.json | 38.0.0 |
| 2026-04-01T13:58:02.647992+00:00 | RedHat Importer | Affected by | VCID-frd6-gt2a-afhv | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2097.json | 38.0.0 |