{"url":"http://public2.vulnerablecode.io/api/packages/98335?format=json","purl":"pkg:rpm/redhat/openssl@1:3.0.1-41?arch=el9_0","type":"rpm","namespace":"redhat","name":"openssl","version":"1:3.0.1-41","qualifiers":{"arch":"el9_0"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79331?format=json","vulnerability_id":"VCID-95ub-7a6n-afdg","summary":"openssl: the c_rehash script allows command injection","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2068.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2068.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2068","reference_id":"","reference_type":"","scores":[{"value":"0.1858","scoring_system":"epss","scoring_elements":"0.95258","published_at":"2026-04-13T12:55:00Z"},{"value":"0.1858","scoring_system":"epss","scoring_elements":"0.95233","published_at":"2026-04-02T12:55:00Z"},{"value":"0.1858","scoring_system":"epss","scoring_elements":"0.95235","published_at":"2026-04-04T12:55:00Z"},{"value":"0.1858","scoring_system":"epss","scoring_elements":"0.95239","published_at":"2026-04-07T12:55:00Z"},{"value":"0.1858","scoring_system":"epss","scoring_elements":"0.95247","published_at":"2026-04-08T12:55:00Z"},{"value":"0.1858","scoring_system":"epss","scoring_elements":"0.9525","published_at":"2026-04-09T12:55:00Z"},{"value":"0.1858","scoring_system":"epss","scoring_elements":"0.95255","published_at":"2026-04-11T12:55:00Z"},{"value":"0.1858","scoring_system":"epss","scoring_elements":"0.95256","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa","reference_id":"","reference_type":"","scores":[],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9","reference_id":"","reference_type":"","scores":[],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7","reference_id":"","reference_type":"","scores":[],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7"},{"reference_url":"https://www.openssl.org/news/secadv/20220621.txt","reference_id":"20220621.txt","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/"}],"url":"https://www.openssl.org/news/secadv/20220621.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2097310","reference_id":"2097310","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2097310"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/","reference_id":"6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/"},{"reference_url":"https://security.archlinux.org/AVG-2765","reference_id":"AVG-2765","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2765"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2068","reference_id":"CVE-2022-2068","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2068"},{"reference_url":"https://www.debian.org/security/2022/dsa-5169","reference_id":"dsa-5169","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/"}],"url":"https://www.debian.org/security/2022/dsa-5169"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220707-0008/","reference_id":"ntap-20220707-0008","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220707-0008/"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa","reference_id":"?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9","reference_id":"?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7","reference_id":"?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5818","reference_id":"RHSA-2022:5818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6224","reference_id":"RHSA-2022:6224","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6224"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8913","reference_id":"RHSA-2022:8913","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8913"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8917","reference_id":"RHSA-2022:8917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5931","reference_id":"RHSA-2023:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5979","reference_id":"RHSA-2023:5979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5980","reference_id":"RHSA-2023:5980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5982","reference_id":"RHSA-2023:5982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"},{"reference_url":"https://usn.ubuntu.com/5488-1/","reference_id":"USN-5488-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5488-1/"},{"reference_url":"https://usn.ubuntu.com/5488-2/","reference_id":"USN-5488-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5488-2/"},{"reference_url":"https://usn.ubuntu.com/6457-1/","reference_id":"USN-6457-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6457-1/"},{"reference_url":"https://usn.ubuntu.com/7018-1/","reference_id":"USN-7018-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7018-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/","reference_id":"VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"}],"fixed_packages":[],"aliases":["CVE-2022-2068"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-95ub-7a6n-afdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50398?format=json","vulnerability_id":"VCID-frd6-gt2a-afhv","summary":"Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2097.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2097.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2097","reference_id":"","reference_type":"","scores":[{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54836","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54847","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.5487","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54888","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54876","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54879","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54829","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.5486","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2097"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/alexcrichton/openssl-src-rs","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alexcrichton/openssl-src-rs"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2097","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2097"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2022-0032.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2022-0032.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220715-0011","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220715-0011"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230420-0008","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230420-0008"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0006","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240621-0006"},{"reference_url":"https://www.debian.org/security/2023/dsa-5343","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://www.debian.org/security/2023/dsa-5343"},{"reference_url":"https://www.openssl.org/news/secadv/20220705.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://www.openssl.org/news/secadv/20220705.txt"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023424","reference_id":"1023424","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023424"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2104905","reference_id":"2104905","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2104905"},{"reference_url":"https://github.com/advisories/GHSA-3wx7-46ch-7rq2","reference_id":"GHSA-3wx7-46ch-7rq2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3wx7-46ch-7rq2"},{"reference_url":"https://security.gentoo.org/glsa/202210-02","reference_id":"GLSA-202210-02","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://security.gentoo.org/glsa/202210-02"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220715-0011/","reference_id":"ntap-20220715-0011","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220715-0011/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230420-0008/","reference_id":"ntap-20230420-0008","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230420-0008/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/","reference_id":"R6CK57NBQFTPUMXAPJURCGXUYT76NQAK","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5818","reference_id":"RHSA-2022:5818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6224","reference_id":"RHSA-2022:6224","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6224"},{"reference_url":"https://usn.ubuntu.com/5502-1/","reference_id":"USN-5502-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5502-1/"},{"reference_url":"https://usn.ubuntu.com/6457-1/","reference_id":"USN-6457-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6457-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/","reference_id":"V6567JERRHHJW2GNGJGKDRNHR7SNPZK7","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/","reference_id":"VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"}],"fixed_packages":[],"aliases":["CVE-2022-2097","GHSA-3wx7-46ch-7rq2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-frd6-gt2a-afhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14307?format=json","vulnerability_id":"VCID-q2ae-5r8q-3fbv","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nThe `c_rehash` script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the `c_rehash` script is considered obsolete and should be replaced by the OpenSSL `rehash` command line tool.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1292.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1292.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1292","reference_id":"","reference_type":"","scores":[{"value":"0.38986","scoring_system":"epss","scoring_elements":"0.97271","published_at":"2026-04-13T12:55:00Z"},{"value":"0.38986","scoring_system":"epss","scoring_elements":"0.97246","published_at":"2026-04-01T12:55:00Z"},{"value":"0.38986","scoring_system":"epss","scoring_elements":"0.9727","published_at":"2026-04-12T12:55:00Z"},{"value":"0.38986","scoring_system":"epss","scoring_elements":"0.97265","published_at":"2026-04-08T12:55:00Z"},{"value":"0.38986","scoring_system":"epss","scoring_elements":"0.97258","published_at":"2026-04-07T12:55:00Z"},{"value":"0.38986","scoring_system":"epss","scoring_elements":"0.97252","published_at":"2026-04-02T12:55:00Z"},{"value":"0.38986","scoring_system":"epss","scoring_elements":"0.97269","published_at":"2026-04-11T12:55:00Z"},{"value":"0.38986","scoring_system":"epss","scoring_elements":"0.97266","published_at":"2026-04-09T12:55:00Z"},{"value":"0.38986","scoring_system":"epss","scoring_elements":"0.97257","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1292"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2","reference_id":"","reference_type":"","scores":[],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb","reference_id":"","reference_type":"","scores":[],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23","reference_id":"","reference_type":"","scores":[],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23"},{"reference_url":"https://www.openssl.org/news/secadv/20220503.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/"}],"url":"https://www.openssl.org/news/secadv/20220503.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2081494","reference_id":"2081494","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2081494"},{"reference_url":"https://security.archlinux.org/AVG-2702","reference_id":"AVG-2702","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2702"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1292","reference_id":"CVE-2022-1292","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1292"},{"reference_url":"https://www.debian.org/security/2022/dsa-5139","reference_id":"dsa-5139","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/"}],"url":"https://www.debian.org/security/2022/dsa-5139"},{"reference_url":"https://security.gentoo.org/glsa/202210-02","reference_id":"GLSA-202210-02","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/"}],"url":"https://security.gentoo.org/glsa/202210-02"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html","reference_id":"msg00019.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2","reference_id":"?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb","reference_id":"?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23","reference_id":"?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5818","reference_id":"RHSA-2022:5818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6224","reference_id":"RHSA-2022:6224","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6224"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8913","reference_id":"RHSA-2022:8913","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8913"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8917","reference_id":"RHSA-2022:8917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5931","reference_id":"RHSA-2023:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5979","reference_id":"RHSA-2023:5979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5980","reference_id":"RHSA-2023:5980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5982","reference_id":"RHSA-2023:5982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6818","reference_id":"RHSA-2023:6818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6818"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011","reference_id":"SNWLID-2022-0011","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/"}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011"},{"reference_url":"https://usn.ubuntu.com/5402-1/","reference_id":"USN-5402-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5402-1/"},{"reference_url":"https://usn.ubuntu.com/5402-2/","reference_id":"USN-5402-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5402-2/"},{"reference_url":"https://usn.ubuntu.com/6457-1/","reference_id":"USN-6457-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6457-1/"},{"reference_url":"https://usn.ubuntu.com/7018-1/","reference_id":"USN-7018-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7018-1/"},{"reference_url":"https://usn.ubuntu.com/7060-1/","reference_id":"USN-7060-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7060-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/","reference_id":"VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/","reference_id":"ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/"}],"fixed_packages":[],"aliases":["CVE-2022-1292"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q2ae-5r8q-3fbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14301?format=json","vulnerability_id":"VCID-ttju-tw1d-f3ay","summary":"Improper Certificate Validation\nThe function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL \"ocsp\" application. When verifying an ocsp response with the \"-no_cert_checks\" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1343.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1343.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1343","reference_id":"","reference_type":"","scores":[{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3478","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34643","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3486","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34887","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34766","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3481","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34838","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34843","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34805","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1343"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:12Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/github/advisory-database/issues/405","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/advisory-database/issues/405"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2022-0027.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2022-0027.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220602-0009","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220602-0009"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220602-0009/","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:12Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220602-0009/"},{"reference_url":"https://www.openssl.org/news/secadv/20220503.txt","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:12Z/"}],"url":"https://www.openssl.org/news/secadv/20220503.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2087911","reference_id":"2087911","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2087911"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1343","reference_id":"CVE-2022-1343","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1343"},{"reference_url":"https://github.com/advisories/GHSA-mfm6-r9g2-q4r7","reference_id":"GHSA-mfm6-r9g2-q4r7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mfm6-r9g2-q4r7"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a","reference_id":"?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:12Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6224","reference_id":"RHSA-2022:6224","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6224"},{"reference_url":"https://usn.ubuntu.com/5402-1/","reference_id":"USN-5402-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5402-1/"}],"fixed_packages":[],"aliases":["CVE-2022-1343","GHSA-mfm6-r9g2-q4r7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttju-tw1d-f3ay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14305?format=json","vulnerability_id":"VCID-zhwv-pq2x-8bey","summary":"Improper Resource Shutdown or Release\nThe `OPENSSL_LH_flush()` function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1473.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1473.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1473","reference_id":"","reference_type":"","scores":[{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56062","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56079","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56102","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.5609","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.55926","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56036","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56058","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56037","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1473"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/github/advisory-database/issues/405","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/advisory-database/issues/405"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=64c85430f95200b6b51fe9475bd5203f7c19daf1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=64c85430f95200b6b51fe9475bd5203f7c19daf1"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2022-0025.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2022-0025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220602-0009","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220602-0009"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220602-0009/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220602-0009/"},{"reference_url":"https://www.openssl.org/news/secadv/20220503.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/"}],"url":"https://www.openssl.org/news/secadv/20220503.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2087913","reference_id":"2087913","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2087913"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1473","reference_id":"CVE-2022-1473","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1473"},{"reference_url":"https://github.com/advisories/GHSA-g323-fr93-4j3c","reference_id":"GHSA-g323-fr93-4j3c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g323-fr93-4j3c"},{"reference_url":"https://security.gentoo.org/glsa/202210-02","reference_id":"GLSA-202210-02","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/"}],"url":"https://security.gentoo.org/glsa/202210-02"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1","reference_id":"?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/"}],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6224","reference_id":"RHSA-2022:6224","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6224"},{"reference_url":"https://usn.ubuntu.com/5402-1/","reference_id":"USN-5402-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5402-1/"},{"reference_url":"https://usn.ubuntu.com/5402-2/","reference_id":"USN-5402-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5402-2/"}],"fixed_packages":[],"aliases":["CVE-2022-1473","GHSA-g323-fr93-4j3c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zhwv-pq2x-8bey"}],"fixing_vulnerabilities":[],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssl@1:3.0.1-41%3Farch=el9_0"}