{"url":"http://public2.vulnerablecode.io/api/packages/143133?format=json","purl":"pkg:cargo/openssl-src@300.0.0","type":"cargo","namespace":"","name":"openssl-src","version":"300.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16375?format=json","vulnerability_id":"VCID-1ggt-ugh5-jqeu","summary":"NULL Pointer Dereference\nAn invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0216.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0216.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0216","reference_id":"","reference_type":"","scores":[{"value":"0.01123","scoring_system":"epss","scoring_elements":"0.78265","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01123","scoring_system":"epss","scoring_elements":"0.7827","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01123","scoring_system":"epss","scoring_elements":"0.78287","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01123","scoring_system":"epss","scoring_elements":"0.78262","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01123","scoring_system":"epss","scoring_elements":"0.78256","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01123","scoring_system":"epss","scoring_elements":"0.7823","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01123","scoring_system":"epss","scoring_elements":"0.78248","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01123","scoring_system":"epss","scoring_elements":"0.78217","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0216"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:43Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2023-0011.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2023-0011.html"},{"reference_url":"https://security.gentoo.org/glsa/202402-08","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:43Z/"}],"url":"https://security.gentoo.org/glsa/202402-08"},{"reference_url":"https://www.openssl.org/news/secadv/20230207.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:43Z/"}],"url":"https://www.openssl.org/news/secadv/20230207.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164497","reference_id":"2164497","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164497"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0216","reference_id":"CVE-2023-0216","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0216"},{"reference_url":"https://github.com/advisories/GHSA-29xx-hcv2-c4cp","reference_id":"GHSA-29xx-hcv2-c4cp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-29xx-hcv2-c4cp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0946","reference_id":"RHSA-2023:0946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1199","reference_id":"RHSA-2023:1199","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1199"},{"reference_url":"https://usn.ubuntu.com/5844-1/","reference_id":"USN-5844-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5844-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/581149?format=json","purl":"pkg:cargo/openssl-src@300.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/openssl-src@300.0.12"}],"aliases":["CVE-2023-0216","GHSA-29xx-hcv2-c4cp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ggt-ugh5-jqeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42654?format=json","vulnerability_id":"VCID-3dej-wqvv-muhe","summary":"Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3358.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3358.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3358","reference_id":"","reference_type":"","scores":[{"value":"0.19455","scoring_system":"epss","scoring_elements":"0.95372","published_at":"2026-04-07T12:55:00Z"},{"value":"0.19455","scoring_system":"epss","scoring_elements":"0.95389","published_at":"2026-04-13T12:55:00Z"},{"value":"0.19455","scoring_system":"epss","scoring_elements":"0.95387","published_at":"2026-04-12T12:55:00Z"},{"value":"0.19455","scoring_system":"epss","scoring_elements":"0.95382","published_at":"2026-04-09T12:55:00Z"},{"value":"0.19455","scoring_system":"epss","scoring_elements":"0.95379","published_at":"2026-04-08T12:55:00Z"},{"value":"0.19455","scoring_system":"epss","scoring_elements":"0.95361","published_at":"2026-04-02T12:55:00Z"},{"value":"0.19455","scoring_system":"epss","scoring_elements":"0.95368","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3358"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/alexcrichton/openssl-src-rs","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alexcrichton/openssl-src-rs"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3358","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3358"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2022-0059.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2022-0059.html"},{"reference_url":"https://security.gentoo.org/glsa/202402-08","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202402-08"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221028-0014","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221028-0014"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221028-0014/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20221028-0014/"},{"reference_url":"https://www.openssl.org/news/secadv/20221011.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openssl.org/news/secadv/20221011.txt"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620","reference_id":"1021620","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2134740","reference_id":"2134740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2134740"},{"reference_url":"https://github.com/advisories/GHSA-4f63-89w9-3jjv","reference_id":"GHSA-4f63-89w9-3jjv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4f63-89w9-3jjv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2523","reference_id":"RHSA-2023:2523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2523"},{"reference_url":"https://usn.ubuntu.com/5710-1/","reference_id":"USN-5710-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5710-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/144597?format=json","purl":"pkg:cargo/openssl-src@300.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/openssl-src@300.0.10"}],"aliases":["CVE-2022-3358","GHSA-4f63-89w9-3jjv"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3dej-wqvv-muhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11810?format=json","vulnerability_id":"VCID-6pd1-d9gx-kfc1","summary":"Loop with Unreachable Exit Condition ('Infinite Loop')\nInternally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4044.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4044.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4044","reference_id":"","reference_type":"","scores":[{"value":"0.1758","scoring_system":"epss","scoring_elements":"0.9509","published_at":"2026-04-13T12:55:00Z"},{"value":"0.1758","scoring_system":"epss","scoring_elements":"0.95057","published_at":"2026-04-01T12:55:00Z"},{"value":"0.1758","scoring_system":"epss","scoring_elements":"0.95067","published_at":"2026-04-02T12:55:00Z"},{"value":"0.1758","scoring_system":"epss","scoring_elements":"0.95068","published_at":"2026-04-04T12:55:00Z"},{"value":"0.1758","scoring_system":"epss","scoring_elements":"0.9507","published_at":"2026-04-07T12:55:00Z"},{"value":"0.1758","scoring_system":"epss","scoring_elements":"0.95077","published_at":"2026-04-08T12:55:00Z"},{"value":"0.1758","scoring_system":"epss","scoring_elements":"0.9508","published_at":"2026-04-09T12:55:00Z"},{"value":"0.1758","scoring_system":"epss","scoring_elements":"0.95086","published_at":"2026-04-11T12:55:00Z"},{"value":"0.1758","scoring_system":"epss","scoring_elements":"0.95088","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4044"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2021-0129.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2021-0129.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211229-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20211229-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211229-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20211229-0003/"},{"reference_url":"https://www.openssl.org/news/secadv/20211214.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openssl.org/news/secadv/20211214.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2033761","reference_id":"2033761","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2033761"},{"reference_url":"https://security.archlinux.org/AVG-2641","reference_id":"AVG-2641","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2641"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4044","reference_id":"CVE-2021-4044","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4044"},{"reference_url":"https://github.com/advisories/GHSA-mmjf-f5jw-w72q","reference_id":"GHSA-mmjf-f5jw-w72q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mmjf-f5jw-w72q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/143134?format=json","purl":"pkg:cargo/openssl-src@300.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/openssl-src@300.0.4"}],"aliases":["CVE-2021-4044","GHSA-mmjf-f5jw-w72q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6pd1-d9gx-kfc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46267?format=json","vulnerability_id":"VCID-71yj-bmak-pkdu","summary":"Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in remote code execution.","references":[{"reference_url":"http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3602.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3602.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3602","reference_id":"","reference_type":"","scores":[{"value":"0.83219","scoring_system":"epss","scoring_elements":"0.99262","published_at":"2026-04-04T12:55:00Z"},{"value":"0.83219","scoring_system":"epss","scoring_elements":"0.99268","published_at":"2026-04-12T12:55:00Z"},{"value":"0.83219","scoring_system":"epss","scoring_elements":"0.99259","published_at":"2026-04-02T12:55:00Z"},{"value":"0.83219","scoring_system":"epss","scoring_elements":"0.99267","published_at":"2026-04-13T12:55:00Z"},{"value":"0.83219","scoring_system":"epss","scoring_elements":"0.99266","published_at":"2026-04-08T12:55:00Z"},{"value":"0.83219","scoring_system":"epss","scoring_elements":"0.99265","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3602"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/alexcrichton/openssl-src-rs","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alexcrichton/openssl-src-rs"},{"reference_url":"https://github.com/alexcrichton/openssl-src-rs/commit/4a31c14f31e1a08c18893a37e304dd1dd4b7daa3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alexcrichton/openssl-src-rs/commit/4a31c14f31e1a08c18893a37e304dd1dd4b7daa3"},{"reference_url":"https://github.com/openssl/openssl/commit/fe3b639dc19b325846f4f6801f2f4604f56e3de3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openssl/openssl/commit/fe3b639dc19b325846f4f6801f2f4604f56e3de3"},{"reference_url":"https://github.com/rustsec/advisory-db/pull/1452","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rustsec/advisory-db/pull/1452"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fe3b639dc19b325846f4f6801f2f4604f56e3de3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fe3b639dc19b325846f4f6801f2f4604f56e3de3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3602","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3602"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2022-0064.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2022-0064.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221102-0001","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221102-0001"},{"reference_url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a"},{"reference_url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00789.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00789.html"},{"reference_url":"https://www.kb.cert.org/vuls/id/794340","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"https://www.kb.cert.org/vuls/id/794340"},{"reference_url":"https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/","reference_id":"","reference_type":"","scores":[],"url":"https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/"},{"reference_url":"https://www.openssl.org/news/secadv/20221101.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"https://www.openssl.org/news/secadv/20221101.txt"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/01/15","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/01/15"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/01/16","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/01/16"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/01/17","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/01/17"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/01/18","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/01/18"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/01/19","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/01/19"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/01/20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/01/20"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/01/21","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/01/21"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/01/24","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/01/24"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/10","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/10"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/11","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/12","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/12"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/13","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/14","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/15","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/15"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/7"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/9"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/03/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/03/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/03/10","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/03/10"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/03/11","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/03/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/03/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/03/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/03/3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/03/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/03/5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/03/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/03/6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/03/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/03/7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/03/7"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/03/9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/03/9"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2137723","reference_id":"2137723","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2137723"},{"reference_url":"https://github.com/advisories/GHSA-8rwr-x37p-mx23","reference_id":"GHSA-8rwr-x37p-mx23","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8rwr-x37p-mx23"},{"reference_url":"https://security.gentoo.org/glsa/202211-01","reference_id":"GLSA-202211-01","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/"}],"url":"https://security.gentoo.org/glsa/202211-01"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7288","reference_id":"RHSA-2022:7288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7384","reference_id":"RHSA-2022:7384","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7384"},{"reference_url":"https://usn.ubuntu.com/5710-1/","reference_id":"USN-5710-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5710-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/144707?format=json","purl":"pkg:cargo/openssl-src@300.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/openssl-src@300.0.11"}],"aliases":["CVE-2022-3602","GHSA-8rwr-x37p-mx23"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-71yj-bmak-pkdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16380?format=json","vulnerability_id":"VCID-8s28-acfa-kkhj","summary":"NULL Pointer Dereference\nAn invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0217.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0217.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0217","reference_id":"","reference_type":"","scores":[{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.6816","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68193","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68207","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68182","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68167","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68115","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68138","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.6812","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0217"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:50Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2023-0012.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2023-0012.html"},{"reference_url":"https://security.gentoo.org/glsa/202402-08","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:50Z/"}],"url":"https://security.gentoo.org/glsa/202402-08"},{"reference_url":"https://www.openssl.org/news/secadv/20230207.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:50Z/"}],"url":"https://www.openssl.org/news/secadv/20230207.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164499","reference_id":"2164499","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164499"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0217","reference_id":"CVE-2023-0217","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0217"},{"reference_url":"https://github.com/advisories/GHSA-vxrh-cpg7-8vjr","reference_id":"GHSA-vxrh-cpg7-8vjr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vxrh-cpg7-8vjr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0946","reference_id":"RHSA-2023:0946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1199","reference_id":"RHSA-2023:1199","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1199"},{"reference_url":"https://usn.ubuntu.com/5844-1/","reference_id":"USN-5844-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5844-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/581149?format=json","purl":"pkg:cargo/openssl-src@300.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/openssl-src@300.0.12"}],"aliases":["CVE-2023-0217","GHSA-vxrh-cpg7-8vjr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8s28-acfa-kkhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16385?format=json","vulnerability_id":"VCID-aens-jq7w-f7bh","summary":"Double Free\nThe function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4450.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4450.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4450","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35178","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35255","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35283","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35164","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35209","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35234","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35237","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35202","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:38Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:38Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2023-0010.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2023-0010.html"},{"reference_url":"https://security.gentoo.org/glsa/202402-08","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:38Z/"}],"url":"https://security.gentoo.org/glsa/202402-08"},{"reference_url":"https://www.openssl.org/news/secadv/20230207.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:38Z/"}],"url":"https://www.openssl.org/news/secadv/20230207.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164494","reference_id":"2164494","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164494"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4450","reference_id":"CVE-2022-4450","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4450"},{"reference_url":"https://github.com/advisories/GHSA-v5w6-wcm8-jm4q","reference_id":"GHSA-v5w6-wcm8-jm4q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v5w6-wcm8-jm4q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0946","reference_id":"RHSA-2023:0946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1199","reference_id":"RHSA-2023:1199","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1199"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1405","reference_id":"RHSA-2023:1405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2165","reference_id":"RHSA-2023:2165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2932","reference_id":"RHSA-2023:2932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3354","reference_id":"RHSA-2023:3354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3355","reference_id":"RHSA-2023:3355","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3355"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3408","reference_id":"RHSA-2023:3408","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3408"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3420","reference_id":"RHSA-2023:3420","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3420"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3421","reference_id":"RHSA-2023:3421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3421"},{"reference_url":"https://usn.ubuntu.com/5844-1/","reference_id":"USN-5844-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5844-1/"},{"reference_url":"https://usn.ubuntu.com/6564-1/","reference_id":"USN-6564-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6564-1/"},{"reference_url":"https://usn.ubuntu.com/7894-1/","reference_id":"USN-7894-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7894-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/581149?format=json","purl":"pkg:cargo/openssl-src@300.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/openssl-src@300.0.12"}],"aliases":["CVE-2022-4450","GHSA-v5w6-wcm8-jm4q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aens-jq7w-f7bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16382?format=json","vulnerability_id":"VCID-d83w-756y-3bfv","summary":"Use After Free\nThe public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0215.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0215.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0215","reference_id":"","reference_type":"","scores":[{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66108","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66138","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66151","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66131","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66119","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66075","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66103","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66071","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2023-0009.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2023-0009.html"},{"reference_url":"https://security.gentoo.org/glsa/202402-08","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/"}],"url":"https://security.gentoo.org/glsa/202402-08"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230427-0007","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230427-0007"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230427-0009","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230427-0009"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0006","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240621-0006"},{"reference_url":"https://www.openssl.org/news/secadv/20230207.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/"}],"url":"https://www.openssl.org/news/secadv/20230207.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164492","reference_id":"2164492","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164492"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0215","reference_id":"CVE-2023-0215","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0215"},{"reference_url":"https://github.com/advisories/GHSA-r7jw-wp68-3xch","reference_id":"GHSA-r7jw-wp68-3xch","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7jw-wp68-3xch"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230427-0007/","reference_id":"ntap-20230427-0007","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230427-0007/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230427-0009/","reference_id":"ntap-20230427-0009","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230427-0009/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0946","reference_id":"RHSA-2023:0946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1199","reference_id":"RHSA-2023:1199","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1199"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1405","reference_id":"RHSA-2023:1405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2165","reference_id":"RHSA-2023:2165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2932","reference_id":"RHSA-2023:2932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3354","reference_id":"RHSA-2023:3354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3355","reference_id":"RHSA-2023:3355","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3355"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3408","reference_id":"RHSA-2023:3408","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3408"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3420","reference_id":"RHSA-2023:3420","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3420"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3421","reference_id":"RHSA-2023:3421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4128","reference_id":"RHSA-2023:4128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4128"},{"reference_url":"https://usn.ubuntu.com/5844-1/","reference_id":"USN-5844-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5844-1/"},{"reference_url":"https://usn.ubuntu.com/5845-1/","reference_id":"USN-5845-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5845-1/"},{"reference_url":"https://usn.ubuntu.com/5845-2/","reference_id":"USN-5845-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5845-2/"},{"reference_url":"https://usn.ubuntu.com/6564-1/","reference_id":"USN-6564-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6564-1/"},{"reference_url":"https://usn.ubuntu.com/7894-1/","reference_id":"USN-7894-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7894-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/581149?format=json","purl":"pkg:cargo/openssl-src@300.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/openssl-src@300.0.12"}],"aliases":["CVE-2023-0215","GHSA-r7jw-wp68-3xch"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d83w-756y-3bfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50398?format=json","vulnerability_id":"VCID-frd6-gt2a-afhv","summary":"Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2097.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2097.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2097","reference_id":"","reference_type":"","scores":[{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54836","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54847","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.5487","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54888","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54876","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54879","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54829","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.5486","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2097"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/alexcrichton/openssl-src-rs","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alexcrichton/openssl-src-rs"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2097","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2097"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2022-0032.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2022-0032.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220715-0011","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220715-0011"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230420-0008","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230420-0008"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0006","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240621-0006"},{"reference_url":"https://www.debian.org/security/2023/dsa-5343","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://www.debian.org/security/2023/dsa-5343"},{"reference_url":"https://www.openssl.org/news/secadv/20220705.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://www.openssl.org/news/secadv/20220705.txt"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023424","reference_id":"1023424","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023424"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2104905","reference_id":"2104905","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2104905"},{"reference_url":"https://github.com/advisories/GHSA-3wx7-46ch-7rq2","reference_id":"GHSA-3wx7-46ch-7rq2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3wx7-46ch-7rq2"},{"reference_url":"https://security.gentoo.org/glsa/202210-02","reference_id":"GLSA-202210-02","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://security.gentoo.org/glsa/202210-02"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220715-0011/","reference_id":"ntap-20220715-0011","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220715-0011/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230420-0008/","reference_id":"ntap-20230420-0008","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230420-0008/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/","reference_id":"R6CK57NBQFTPUMXAPJURCGXUYT76NQAK","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5818","reference_id":"RHSA-2022:5818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6224","reference_id":"RHSA-2022:6224","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6224"},{"reference_url":"https://usn.ubuntu.com/5502-1/","reference_id":"USN-5502-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5502-1/"},{"reference_url":"https://usn.ubuntu.com/6457-1/","reference_id":"USN-6457-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6457-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/","reference_id":"V6567JERRHHJW2GNGJGKDRNHR7SNPZK7","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/","reference_id":"VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/144179?format=json","purl":"pkg:cargo/openssl-src@300.0.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/openssl-src@300.0.9"}],"aliases":["CVE-2022-2097","GHSA-3wx7-46ch-7rq2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-frd6-gt2a-afhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16371?format=json","vulnerability_id":"VCID-gnpm-mnpa-3kdg","summary":"Timing based side channel\nA timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4304.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4304.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4304","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48911","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48903","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48929","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48912","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48915","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48861","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48907","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48881","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2023-0007.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2023-0007.html"},{"reference_url":"https://security.gentoo.org/glsa/202402-08","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:19Z/"}],"url":"https://security.gentoo.org/glsa/202402-08"},{"reference_url":"https://www.openssl.org/news/secadv/20230207.txt","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:19Z/"}],"url":"https://www.openssl.org/news/secadv/20230207.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164487","reference_id":"2164487","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164487"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4304","reference_id":"CVE-2022-4304","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4304"},{"reference_url":"https://github.com/advisories/GHSA-p52g-cm5j-mjv4","reference_id":"GHSA-p52g-cm5j-mjv4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p52g-cm5j-mjv4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0946","reference_id":"RHSA-2023:0946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1199","reference_id":"RHSA-2023:1199","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1199"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1405","reference_id":"RHSA-2023:1405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2165","reference_id":"RHSA-2023:2165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2932","reference_id":"RHSA-2023:2932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3354","reference_id":"RHSA-2023:3354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3355","reference_id":"RHSA-2023:3355","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3355"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3408","reference_id":"RHSA-2023:3408","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3408"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3420","reference_id":"RHSA-2023:3420","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3420"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3421","reference_id":"RHSA-2023:3421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4128","reference_id":"RHSA-2023:4128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4128"},{"reference_url":"https://usn.ubuntu.com/5844-1/","reference_id":"USN-5844-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5844-1/"},{"reference_url":"https://usn.ubuntu.com/6564-1/","reference_id":"USN-6564-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6564-1/"},{"reference_url":"https://usn.ubuntu.com/7894-1/","reference_id":"USN-7894-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7894-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/581149?format=json","purl":"pkg:cargo/openssl-src@300.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/openssl-src@300.0.12"}],"aliases":["CVE-2022-4304","GHSA-p52g-cm5j-mjv4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gnpm-mnpa-3kdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13325?format=json","vulnerability_id":"VCID-gsbn-6t86-7kf9","summary":"Loop with Unreachable Exit Condition ('Infinite Loop')\nThe BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters","references":[{"reference_url":"http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0778","reference_id":"","reference_type":"","scores":[{"value":"0.06432","scoring_system":"epss","scoring_elements":"0.91023","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07109","scoring_system":"epss","scoring_elements":"0.91513","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07109","scoring_system":"epss","scoring_elements":"0.91526","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07109","scoring_system":"epss","scoring_elements":"0.91532","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07394","scoring_system":"epss","scoring_elements":"0.91693","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07394","scoring_system":"epss","scoring_elements":"0.91701","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07807","scoring_system":"epss","scoring_elements":"0.91978","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08117","scoring_system":"epss","scoring_elements":"0.92165","published_at":"2026-04-11T12:55:00Z"},{"value":"0.08117","scoring_system":"epss","scoring_elements":"0.92166","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0778"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778"},{"reference_url":"http://seclists.org/fulldisclosure/2022/May/33","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2022/May/33"},{"reference_url":"http://seclists.org/fulldisclosure/2022/May/35","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2022/May/35"},{"reference_url":"http://seclists.org/fulldisclosure/2022/May/38","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2022/May/38"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2022-0014.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2022-0014.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220321-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220321-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220321-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220321-0002/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220429-0005","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220429-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0006","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240621-0006"},{"reference_url":"https://support.apple.com/kb/HT213255","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT213255"},{"reference_url":"https://support.apple.com/kb/HT213256","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT213256"},{"reference_url":"https://support.apple.com/kb/HT213257","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT213257"},{"reference_url":"https://www.debian.org/security/2022/dsa-5103","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5103"},{"reference_url":"https://www.openssl.org/news/secadv/20220315.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openssl.org/news/secadv/20220315.txt"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.tenable.com/security/tns-2022-06","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.tenable.com/security/tns-2022-06"},{"reference_url":"https://www.tenable.com/security/tns-2022-07","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.tenable.com/security/tns-2022-07"},{"reference_url":"https://www.tenable.com/security/tns-2022-08","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.tenable.com/security/tns-2022-08"},{"reference_url":"https://www.tenable.com/security/tns-2022-09","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.tenable.com/security/tns-2022-09"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2062202","reference_id":"2062202","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2062202"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0778","reference_id":"CVE-2022-0778","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0778"},{"reference_url":"https://github.com/advisories/GHSA-x3mh-jvjw-3xwx","reference_id":"GHSA-x3mh-jvjw-3xwx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x3mh-jvjw-3xwx"},{"reference_url":"https://security.gentoo.org/glsa/202210-02","reference_id":"GLSA-202210-02","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202210-02"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1065","reference_id":"RHSA-2022:1065","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1065"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1066","reference_id":"RHSA-2022:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1071","reference_id":"RHSA-2022:1071","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1071"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1073","reference_id":"RHSA-2022:1073","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1073"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1076","reference_id":"RHSA-2022:1076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1077","reference_id":"RHSA-2022:1077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1078","reference_id":"RHSA-2022:1078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1082","reference_id":"RHSA-2022:1082","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1082"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1091","reference_id":"RHSA-2022:1091","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1091"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1112","reference_id":"RHSA-2022:1112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1263","reference_id":"RHSA-2022:1263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1389","reference_id":"RHSA-2022:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1390","reference_id":"RHSA-2022:1390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1390"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1519","reference_id":"RHSA-2022:1519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1519"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1520","reference_id":"RHSA-2022:1520","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1520"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4896","reference_id":"RHSA-2022:4896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4896"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4899","reference_id":"RHSA-2022:4899","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4899"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5326","reference_id":"RHSA-2022:5326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5326"},{"reference_url":"https://usn.ubuntu.com/5328-1/","reference_id":"USN-5328-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5328-1/"},{"reference_url":"https://usn.ubuntu.com/5328-2/","reference_id":"USN-5328-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5328-2/"},{"reference_url":"https://usn.ubuntu.com/6457-1/","reference_id":"USN-6457-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6457-1/"},{"reference_url":"https://usn.ubuntu.com/7894-1/","reference_id":"USN-7894-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7894-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/143315?format=json","purl":"pkg:cargo/openssl-src@300.0.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/openssl-src@300.0.5"}],"aliases":["CVE-2022-0778","GHSA-x3mh-jvjw-3xwx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gsbn-6t86-7kf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52632?format=json","vulnerability_id":"VCID-ncw4-3azc-1fb5","summary":"Denial of service by double-checked locking in openssl-src\nIf an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the `-policy' argument to the command line utilities or by calling either `X509_VERIFY_PARAM_add0_policy()' or `X509_VERIFY_PARAM_set1_policies()' functions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3996.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3996.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3996","reference_id":"","reference_type":"","scores":[{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38614","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38651","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38675","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38606","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38657","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38667","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38677","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38639","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3996"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/alexcrichton/openssl-src-rs","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alexcrichton/openssl-src-rs"},{"reference_url":"https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T21:11:25Z/"}],"url":"https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3996","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3996"},{"reference_url":"https://www.openssl.org/news/secadv/20221213.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T21:11:25Z/"}],"url":"https://www.openssl.org/news/secadv/20221213.txt"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027102","reference_id":"1027102","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027102"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2153239","reference_id":"2153239","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2153239"},{"reference_url":"https://github.com/advisories/GHSA-vr8j-hgmm-jh9r","reference_id":"GHSA-vr8j-hgmm-jh9r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vr8j-hgmm-jh9r"},{"reference_url":"https://usn.ubuntu.com/6039-1/","reference_id":"USN-6039-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6039-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/581149?format=json","purl":"pkg:cargo/openssl-src@300.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/openssl-src@300.0.12"}],"aliases":["CVE-2022-3996","GHSA-vr8j-hgmm-jh9r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ncw4-3azc-1fb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16589?format=json","vulnerability_id":"VCID-tk2r-atbr-73ge","summary":"Out-of-bounds Read\nA read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4203.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4203.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4203","reference_id":"","reference_type":"","scores":[{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73038","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73044","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73065","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73041","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73027","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.7299","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73014","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.72994","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4203"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:14Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2023-0008.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2023-0008.html"},{"reference_url":"https://security.gentoo.org/glsa/202402-08","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:14Z/"}],"url":"https://security.gentoo.org/glsa/202402-08"},{"reference_url":"https://www.openssl.org/news/secadv/20230207.txt","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:14Z/"}],"url":"https://www.openssl.org/news/secadv/20230207.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164488","reference_id":"2164488","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164488"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4203","reference_id":"CVE-2022-4203","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4203"},{"reference_url":"https://github.com/advisories/GHSA-w67w-mw4j-8qrv","reference_id":"GHSA-w67w-mw4j-8qrv","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w67w-mw4j-8qrv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0946","reference_id":"RHSA-2023:0946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1199","reference_id":"RHSA-2023:1199","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1199"},{"reference_url":"https://usn.ubuntu.com/5844-1/","reference_id":"USN-5844-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5844-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/581149?format=json","purl":"pkg:cargo/openssl-src@300.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/openssl-src@300.0.12"}],"aliases":["CVE-2022-4203","GHSA-w67w-mw4j-8qrv"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tk2r-atbr-73ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14301?format=json","vulnerability_id":"VCID-ttju-tw1d-f3ay","summary":"Improper Certificate Validation\nThe function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL \"ocsp\" application. When verifying an ocsp response with the \"-no_cert_checks\" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1343.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1343.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1343","reference_id":"","reference_type":"","scores":[{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3478","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34643","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3486","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34887","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34766","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3481","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34838","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34843","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34805","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1343"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:12Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/github/advisory-database/issues/405","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/advisory-database/issues/405"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2022-0027.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2022-0027.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220602-0009","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220602-0009"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220602-0009/","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:12Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220602-0009/"},{"reference_url":"https://www.openssl.org/news/secadv/20220503.txt","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:12Z/"}],"url":"https://www.openssl.org/news/secadv/20220503.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2087911","reference_id":"2087911","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2087911"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1343","reference_id":"CVE-2022-1343","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1343"},{"reference_url":"https://github.com/advisories/GHSA-mfm6-r9g2-q4r7","reference_id":"GHSA-mfm6-r9g2-q4r7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mfm6-r9g2-q4r7"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a","reference_id":"?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:12Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6224","reference_id":"RHSA-2022:6224","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6224"},{"reference_url":"https://usn.ubuntu.com/5402-1/","reference_id":"USN-5402-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5402-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/143406?format=json","purl":"pkg:cargo/openssl-src@300.0.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/openssl-src@300.0.6"}],"aliases":["CVE-2022-1343","GHSA-mfm6-r9g2-q4r7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttju-tw1d-f3ay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14306?format=json","vulnerability_id":"VCID-wxvb-73gj-p3eu","summary":"Use of a Broken or Risky Cryptographic Algorithm\nThe OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. an attacker cannot decrypt data that has been encrypted using this ciphersuite - they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: 1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers 2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration) 3) The ciphersuite must have been explicitly added to the ciphersuite list 4) The libssl security level must have been set to 0 (default is 1) 5) A version of SSL/TLS below TLSv1.3 must have been negotiated 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1434.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1434.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1434","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.2067","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20722","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20766","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20746","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20695","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20838","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20686","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20895","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.2061","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1434"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/github/advisory-database/issues/405","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/advisory-database/issues/405"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7d56a74a96828985db7354a55227a511615f732b","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7d56a74a96828985db7354a55227a511615f732b"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2022-0026.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2022-0026.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220602-0009","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220602-0009"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220602-0009/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220602-0009/"},{"reference_url":"https://www.openssl.org/news/secadv/20220503.txt","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openssl.org/news/secadv/20220503.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2087912","reference_id":"2087912","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2087912"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1434","reference_id":"CVE-2022-1434","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1434"},{"reference_url":"https://github.com/advisories/GHSA-638m-m8mh-7gw2","reference_id":"GHSA-638m-m8mh-7gw2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-638m-m8mh-7gw2"},{"reference_url":"https://usn.ubuntu.com/5402-1/","reference_id":"USN-5402-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5402-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/143406?format=json","purl":"pkg:cargo/openssl-src@300.0.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/openssl-src@300.0.6"}],"aliases":["CVE-2022-1434","GHSA-638m-m8mh-7gw2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wxvb-73gj-p3eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16373?format=json","vulnerability_id":"VCID-x2wm-3tk7-wbbv","summary":"Access of Resource Using Incompatible Type ('Type Confusion')\nThere is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0286","reference_id":"","reference_type":"","scores":[{"value":"0.88474","scoring_system":"epss","scoring_elements":"0.99496","published_at":"2026-04-04T12:55:00Z"},{"value":"0.88474","scoring_system":"epss","scoring_elements":"0.99495","published_at":"2026-04-02T12:55:00Z"},{"value":"0.88981","scoring_system":"epss","scoring_elements":"0.99526","published_at":"2026-04-13T12:55:00Z"},{"value":"0.88981","scoring_system":"epss","scoring_elements":"0.99525","published_at":"2026-04-11T12:55:00Z"},{"value":"0.89087","scoring_system":"epss","scoring_elements":"0.99528","published_at":"2026-04-07T12:55:00Z"},{"value":"0.89087","scoring_system":"epss","scoring_elements":"0.99529","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286"},{"reference_url":"https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/"}],"url":"https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt"},{"reference_url":"https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/"}],"url":"https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pyca/cryptography","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2023-0006.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2023-0006.html"},{"reference_url":"https://security.gentoo.org/glsa/202402-08","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/"}],"url":"https://security.gentoo.org/glsa/202402-08"},{"reference_url":"https://www.openssl.org/news/secadv/20230207.txt","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/"}],"url":"https://www.openssl.org/news/secadv/20230207.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164440","reference_id":"2164440","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164440"},{"reference_url":"https://access.redhat.com/security/cve/cve-2023-0286","reference_id":"CVE-2023-0286","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2023-0286"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0286","reference_id":"CVE-2023-0286","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0286"},{"reference_url":"https://github.com/advisories/GHSA-x4qr-2fvf-3mr5","reference_id":"GHSA-x4qr-2fvf-3mr5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x4qr-2fvf-3mr5"},{"reference_url":"https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5","reference_id":"GHSA-x4qr-2fvf-3mr5","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0946","reference_id":"RHSA-2023:0946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1199","reference_id":"RHSA-2023:1199","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1199"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1335","reference_id":"RHSA-2023:1335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1405","reference_id":"RHSA-2023:1405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1437","reference_id":"RHSA-2023:1437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1438","reference_id":"RHSA-2023:1438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1439","reference_id":"RHSA-2023:1439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1440","reference_id":"RHSA-2023:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1441","reference_id":"RHSA-2023:1441","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1441"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2022","reference_id":"RHSA-2023:2022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2165","reference_id":"RHSA-2023:2165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2932","reference_id":"RHSA-2023:2932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3354","reference_id":"RHSA-2023:3354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3355","reference_id":"RHSA-2023:3355","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3355"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3420","reference_id":"RHSA-2023:3420","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3420"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3421","reference_id":"RHSA-2023:3421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4124","reference_id":"RHSA-2023:4124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4128","reference_id":"RHSA-2023:4128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4252","reference_id":"RHSA-2023:4252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5209","reference_id":"RHSA-2023:5209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5136","reference_id":"RHSA-2024:5136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6095","reference_id":"RHSA-2024:6095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7733","reference_id":"RHSA-2025:7733","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7895","reference_id":"RHSA-2025:7895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7937","reference_id":"RHSA-2025:7937","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7937"},{"reference_url":"https://usn.ubuntu.com/5844-1/","reference_id":"USN-5844-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5844-1/"},{"reference_url":"https://usn.ubuntu.com/5845-1/","reference_id":"USN-5845-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5845-1/"},{"reference_url":"https://usn.ubuntu.com/5845-2/","reference_id":"USN-5845-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5845-2/"},{"reference_url":"https://usn.ubuntu.com/6564-1/","reference_id":"USN-6564-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6564-1/"},{"reference_url":"https://usn.ubuntu.com/7894-1/","reference_id":"USN-7894-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7894-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/581149?format=json","purl":"pkg:cargo/openssl-src@300.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/openssl-src@300.0.12"}],"aliases":["CVE-2023-0286","GHSA-x4qr-2fvf-3mr5"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x2wm-3tk7-wbbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46268?format=json","vulnerability_id":"VCID-xq7s-zrwb-yffw","summary":"Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in remote code execution.","references":[{"reference_url":"http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3786.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3786.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3786","reference_id":"","reference_type":"","scores":[{"value":"0.2063","scoring_system":"epss","scoring_elements":"0.95557","published_at":"2026-04-02T12:55:00Z"},{"value":"0.2063","scoring_system":"epss","scoring_elements":"0.95562","published_at":"2026-04-04T12:55:00Z"},{"value":"0.2063","scoring_system":"epss","scoring_elements":"0.95565","published_at":"2026-04-07T12:55:00Z"},{"value":"0.2063","scoring_system":"epss","scoring_elements":"0.95582","published_at":"2026-04-13T12:55:00Z"},{"value":"0.2063","scoring_system":"epss","scoring_elements":"0.95579","published_at":"2026-04-11T12:55:00Z"},{"value":"0.2063","scoring_system":"epss","scoring_elements":"0.9558","published_at":"2026-04-12T12:55:00Z"},{"value":"0.2063","scoring_system":"epss","scoring_elements":"0.95572","published_at":"2026-04-08T12:55:00Z"},{"value":"0.2063","scoring_system":"epss","scoring_elements":"0.95575","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3786"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/alexcrichton/openssl-src-rs","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alexcrichton/openssl-src-rs"},{"reference_url":"https://github.com/alexcrichton/openssl-src-rs/commit/4a31c14f31e1a08c18893a37e304dd1dd4b7daa3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alexcrichton/openssl-src-rs/commit/4a31c14f31e1a08c18893a37e304dd1dd4b7daa3"},{"reference_url":"https://github.com/openssl/openssl/commit/fe3b639dc19b325846f4f6801f2f4604f56e3de3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openssl/openssl/commit/fe3b639dc19b325846f4f6801f2f4604f56e3de3"},{"reference_url":"https://github.com/rustsec/advisory-db/pull/1452","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rustsec/advisory-db/pull/1452"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=c42165b5706e42f67ef8ef4c351a9a4c5d21639a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=c42165b5706e42f67ef8ef4c351a9a4c5d21639a"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:54Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3786","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3786"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2022-0065.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2022-0065.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221102-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221102-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221102-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20221102-0001/"},{"reference_url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a"},{"reference_url":"https://www.kb.cert.org/vuls/id/794340","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.kb.cert.org/vuls/id/794340"},{"reference_url":"https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/","reference_id":"","reference_type":"","scores":[],"url":"https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/"},{"reference_url":"https://www.openssl.org/news/secadv/20221101.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:54Z/"}],"url":"https://www.openssl.org/news/secadv/20221101.txt"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/01/15","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/01/15"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/01/16","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/01/16"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/01/17","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/01/17"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/01/18","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/01/18"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/01/19","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/01/19"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/01/20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/01/20"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/01/21","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/01/21"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/01/24","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/01/24"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/10","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/10"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/11","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/12","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/12"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/13","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/13"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/14","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/15","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/15"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/7"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/02/9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/02/9"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/03/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/03/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/03/10","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/03/10"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/03/11","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/03/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/03/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/03/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/03/3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/03/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/03/5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/03/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/03/6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/03/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/03/7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/03/7"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/03/9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/11/03/9"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2139104","reference_id":"2139104","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2139104"},{"reference_url":"https://github.com/advisories/GHSA-h8jm-2x53-xhp5","reference_id":"GHSA-h8jm-2x53-xhp5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h8jm-2x53-xhp5"},{"reference_url":"https://security.gentoo.org/glsa/202211-01","reference_id":"GLSA-202211-01","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202211-01"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7288","reference_id":"RHSA-2022:7288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7384","reference_id":"RHSA-2022:7384","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7384"},{"reference_url":"https://usn.ubuntu.com/5710-1/","reference_id":"USN-5710-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5710-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/144707?format=json","purl":"pkg:cargo/openssl-src@300.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/openssl-src@300.0.11"}],"aliases":["CVE-2022-3786","GHSA-h8jm-2x53-xhp5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xq7s-zrwb-yffw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16376?format=json","vulnerability_id":"VCID-xqt3-3um9-8faq","summary":"NULL Pointer Dereference\nA NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0401.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0401.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0401","reference_id":"","reference_type":"","scores":[{"value":"0.01007","scoring_system":"epss","scoring_elements":"0.77056","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01007","scoring_system":"epss","scoring_elements":"0.77","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01007","scoring_system":"epss","scoring_elements":"0.77029","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01007","scoring_system":"epss","scoring_elements":"0.7701","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01007","scoring_system":"epss","scoring_elements":"0.77042","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01007","scoring_system":"epss","scoring_elements":"0.77053","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01007","scoring_system":"epss","scoring_elements":"0.77081","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01007","scoring_system":"epss","scoring_elements":"0.77061","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0401"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/alexcrichton/openssl-src-rs","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alexcrichton/openssl-src-rs"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:52Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2023-0013.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2023-0013.html"},{"reference_url":"https://security.gentoo.org/glsa/202402-08","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:52Z/"}],"url":"https://security.gentoo.org/glsa/202402-08"},{"reference_url":"https://www.openssl.org/news/secadv/20230207.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:52Z/"}],"url":"https://www.openssl.org/news/secadv/20230207.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164500","reference_id":"2164500","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164500"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0401","reference_id":"CVE-2023-0401","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0401"},{"reference_url":"https://github.com/advisories/GHSA-vrh7-x64v-7vxq","reference_id":"GHSA-vrh7-x64v-7vxq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vrh7-x64v-7vxq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0946","reference_id":"RHSA-2023:0946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1199","reference_id":"RHSA-2023:1199","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1199"},{"reference_url":"https://usn.ubuntu.com/5844-1/","reference_id":"USN-5844-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5844-1/"},{"reference_url":"https://usn.ubuntu.com/6564-1/","reference_id":"USN-6564-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6564-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/581149?format=json","purl":"pkg:cargo/openssl-src@300.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/openssl-src@300.0.12"}],"aliases":["CVE-2023-0401","GHSA-vrh7-x64v-7vxq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xqt3-3um9-8faq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14305?format=json","vulnerability_id":"VCID-zhwv-pq2x-8bey","summary":"Improper Resource Shutdown or Release\nThe `OPENSSL_LH_flush()` function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1473.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1473.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1473","reference_id":"","reference_type":"","scores":[{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56062","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56079","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56102","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.5609","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.55926","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56036","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56058","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56037","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1473"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/github/advisory-database/issues/405","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/advisory-database/issues/405"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=64c85430f95200b6b51fe9475bd5203f7c19daf1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=64c85430f95200b6b51fe9475bd5203f7c19daf1"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2022-0025.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2022-0025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220602-0009","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220602-0009"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220602-0009/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220602-0009/"},{"reference_url":"https://www.openssl.org/news/secadv/20220503.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/"}],"url":"https://www.openssl.org/news/secadv/20220503.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2087913","reference_id":"2087913","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2087913"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1473","reference_id":"CVE-2022-1473","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1473"},{"reference_url":"https://github.com/advisories/GHSA-g323-fr93-4j3c","reference_id":"GHSA-g323-fr93-4j3c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g323-fr93-4j3c"},{"reference_url":"https://security.gentoo.org/glsa/202210-02","reference_id":"GLSA-202210-02","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/"}],"url":"https://security.gentoo.org/glsa/202210-02"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1","reference_id":"?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6224","reference_id":"RHSA-2022:6224","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6224"},{"reference_url":"https://usn.ubuntu.com/5402-1/","reference_id":"USN-5402-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5402-1/"},{"reference_url":"https://usn.ubuntu.com/5402-2/","reference_id":"USN-5402-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5402-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/143406?format=json","purl":"pkg:cargo/openssl-src@300.0.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/openssl-src@300.0.6"}],"aliases":["CVE-2022-1473","GHSA-g323-fr93-4j3c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zhwv-pq2x-8bey"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/openssl-src@300.0.0"}