Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-3dej-wqvv-muhe
Vulnerability ID VCID-3dej-wqvv-muhe
Aliases CVE-2022-3358
GHSA-4f63-89w9-3jjv
Summary Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in denial of service.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-476 NULL Pointer Dereference
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3358.json
epss 0.19455 https://api.first.org/data/v1/epss?cve=CVE-2022-3358
epss 0.19455 https://api.first.org/data/v1/epss?cve=CVE-2022-3358
epss 0.19455 https://api.first.org/data/v1/epss?cve=CVE-2022-3358
epss 0.19455 https://api.first.org/data/v1/epss?cve=CVE-2022-3358
epss 0.19455 https://api.first.org/data/v1/epss?cve=CVE-2022-3358
epss 0.19455 https://api.first.org/data/v1/epss?cve=CVE-2022-3358
epss 0.19455 https://api.first.org/data/v1/epss?cve=CVE-2022-3358
epss 0.19455 https://api.first.org/data/v1/epss?cve=CVE-2022-3358
epss 0.19455 https://api.first.org/data/v1/epss?cve=CVE-2022-3358
epss 0.19455 https://api.first.org/data/v1/epss?cve=CVE-2022-3358
epss 0.19455 https://api.first.org/data/v1/epss?cve=CVE-2022-3358
epss 0.19455 https://api.first.org/data/v1/epss?cve=CVE-2022-3358
epss 0.19455 https://api.first.org/data/v1/epss?cve=CVE-2022-3358
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-4f63-89w9-3jjv
cvssv3.1 7.5 https://github.com/alexcrichton/openssl-src-rs
generic_textual HIGH https://github.com/alexcrichton/openssl-src-rs
cvssv3.1 7.5 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b
generic_textual HIGH https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3358
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2022-3358
cvssv3.1 7.5 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023
generic_textual HIGH https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023
cvssv3.1 7.5 https://rustsec.org/advisories/RUSTSEC-2022-0059.html
generic_textual HIGH https://rustsec.org/advisories/RUSTSEC-2022-0059.html
cvssv3.1 7.5 https://security.gentoo.org/glsa/202402-08
generic_textual HIGH https://security.gentoo.org/glsa/202402-08
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20221028-0014
generic_textual HIGH https://security.netapp.com/advisory/ntap-20221028-0014
cvssv3.1 7.5 https://www.openssl.org/news/secadv/20221011.txt
generic_textual HIGH https://www.openssl.org/news/secadv/20221011.txt
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3358.json
https://api.first.org/data/v1/epss?cve=CVE-2022-3358
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/alexcrichton/openssl-src-rs
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b
https://nvd.nist.gov/vuln/detail/CVE-2022-3358
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023
https://rustsec.org/advisories/RUSTSEC-2022-0059.html
https://security.gentoo.org/glsa/202402-08
https://security.netapp.com/advisory/ntap-20221028-0014
https://security.netapp.com/advisory/ntap-20221028-0014/
https://www.openssl.org/news/secadv/20221011.txt
1021620 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620
2134740 https://bugzilla.redhat.com/show_bug.cgi?id=2134740
GHSA-4f63-89w9-3jjv https://github.com/advisories/GHSA-4f63-89w9-3jjv
RHSA-2023:2523 https://access.redhat.com/errata/RHSA-2023:2523
USN-5710-1 https://usn.ubuntu.com/5710-1/
Data source Metasploit
Description Check if a server supports a given version of SSL/TLS and cipher suites. The certificate is stored in loot, and any known vulnerabilities against that SSL version and cipher suite combination are checked. These checks include POODLE, deprecated protocols, expired/not valid certs, low key strength, null cipher suites, certificates signed with MD5, DROWN, RC4 ciphers, exportable ciphers, LOGJAM, and BEAST.
Note 
{}
Ransomware campaign use Unknown
Source publication date Oct. 14, 2014
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/ssl/ssl_version.rb
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3358.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/alexcrichton/openssl-src-rs
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3358
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://rustsec.org/advisories/RUSTSEC-2022-0059.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://security.gentoo.org/glsa/202402-08
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20221028-0014
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.openssl.org/news/secadv/20221011.txt
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.95361
EPSS Score 0.19455
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:02:05.178598+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202402-08 38.0.0