Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-zhwv-pq2x-8bey
Vulnerability ID VCID-zhwv-pq2x-8bey
Aliases CVE-2022-1473
GHSA-g323-fr93-4j3c
Summary Improper Resource Shutdown or Release The `OPENSSL_LH_flush()` function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (5)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-459 Incomplete Cleanup
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-404 Improper Resource Shutdown or Release
CWE-401 Missing Release of Memory after Effective Lifetime
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1473.json
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2022-1473
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2022-1473
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2022-1473
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2022-1473
epss 0.00331 https://api.first.org/data/v1/epss?cve=CVE-2022-1473
epss 0.00331 https://api.first.org/data/v1/epss?cve=CVE-2022-1473
epss 0.00331 https://api.first.org/data/v1/epss?cve=CVE-2022-1473
epss 0.00331 https://api.first.org/data/v1/epss?cve=CVE-2022-1473
epss 0.00331 https://api.first.org/data/v1/epss?cve=CVE-2022-1473
epss 0.00331 https://api.first.org/data/v1/epss?cve=CVE-2022-1473
epss 0.00331 https://api.first.org/data/v1/epss?cve=CVE-2022-1473
epss 0.00331 https://api.first.org/data/v1/epss?cve=CVE-2022-1473
epss 0.00331 https://api.first.org/data/v1/epss?cve=CVE-2022-1473
epss 0.00331 https://api.first.org/data/v1/epss?cve=CVE-2022-1473
epss 0.00331 https://api.first.org/data/v1/epss?cve=CVE-2022-1473
cvssv3.1 7.5 https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
generic_textual HIGH https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
ssvc Track https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-g323-fr93-4j3c
cvssv3.1 7.5 https://github.com/github/advisory-database/issues/405
generic_textual HIGH https://github.com/github/advisory-database/issues/405
cvssv3.1 7.5 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1
ssvc Track https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1
cvssv3.1 7.5 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=64c85430f95200b6b51fe9475bd5203f7c19daf1
generic_textual HIGH https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=64c85430f95200b6b51fe9475bd5203f7c19daf1
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1473
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2022-1473
cvssv3.1 7.5 https://rustsec.org/advisories/RUSTSEC-2022-0025.html
generic_textual HIGH https://rustsec.org/advisories/RUSTSEC-2022-0025.html
cvssv3.1 7.5 https://security.gentoo.org/glsa/202210-02
generic_textual HIGH https://security.gentoo.org/glsa/202210-02
ssvc Track https://security.gentoo.org/glsa/202210-02
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20220602-0009
generic_textual HIGH https://security.netapp.com/advisory/ntap-20220602-0009
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20220602-0009/
ssvc Track https://security.netapp.com/advisory/ntap-20220602-0009/
cvssv3.1 7.5 https://www.openssl.org/news/secadv/20220503.txt
generic_textual HIGH https://www.openssl.org/news/secadv/20220503.txt
ssvc Track https://www.openssl.org/news/secadv/20220503.txt
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1473.json
https://api.first.org/data/v1/epss?cve=CVE-2022-1473
https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/github/advisory-database/issues/405
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=64c85430f95200b6b51fe9475bd5203f7c19daf1
https://rustsec.org/advisories/RUSTSEC-2022-0025.html
https://security.netapp.com/advisory/ntap-20220602-0009
https://security.netapp.com/advisory/ntap-20220602-0009/
https://www.openssl.org/news/secadv/20220503.txt
2087913 https://bugzilla.redhat.com/show_bug.cgi?id=2087913
CVE-2022-1473 https://nvd.nist.gov/vuln/detail/CVE-2022-1473
GHSA-g323-fr93-4j3c https://github.com/advisories/GHSA-g323-fr93-4j3c
GLSA-202210-02 https://security.gentoo.org/glsa/202210-02
?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1
RHSA-2022:6224 https://access.redhat.com/errata/RHSA-2022:6224
USN-5402-1 https://usn.ubuntu.com/5402-1/
USN-5402-2 https://usn.ubuntu.com/5402-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1473.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/ Found at https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/github/advisory-database/issues/405
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=64c85430f95200b6b51fe9475bd5203f7c19daf1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1473
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://rustsec.org/advisories/RUSTSEC-2022-0025.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202210-02
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/ Found at https://security.gentoo.org/glsa/202210-02
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20220602-0009
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20220602-0009/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/ Found at https://security.netapp.com/advisory/ntap-20220602-0009/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.openssl.org/news/secadv/20220503.txt
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/ Found at https://www.openssl.org/news/secadv/20220503.txt
Exploit Prediction Scoring System (EPSS)
Percentile 0.51023
EPSS Score 0.00275
Published At April 21, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:50:02.338905+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/openssl/CVE-2022-1473.yml 38.0.0