Search for packages
| purl | pkg:openssl/openssl@3.0.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4dq2-tex3-aaac
Aliases: CVE-2022-3358 GHSA-4f63-89w9-3jjv VC-OPENSSL-20220929-CVE-2022-3358 |
OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5). |
Affected by 2 other vulnerabilities. |
|
VCID-5khv-27u8-aaaa
Aliases: CVE-2022-2097 GHSA-3wx7-46ch-7rq2 VC-OPENSSL-20220705-CVE-2022-2097 |
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). |
Affected by 3 other vulnerabilities. |
|
VCID-7z6x-p6yd-aaaa
Aliases: CVE-2022-3602 GHSA-8rwr-x37p-mx23 VC-OPENSSL-20221101-CVE-2022-3602 |
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6). |
Affected by 0 other vulnerabilities. |
|
VCID-jhyx-3a27-aaae
Aliases: CVE-2022-3786 GHSA-h8jm-2x53-xhp5 VC-OPENSSL-20221101-CVE-2022-3786 |
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. |
Affected by 0 other vulnerabilities. |
|
VCID-kn91-z545-aaan
Aliases: CVE-2022-2274 GHSA-735f-pg76-fxc4 VC-OPENSSL-20220622-CVE-2022-2274 VC-OPENSSL-20220705-CVE-2022-2274 |
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-w17h-u8wd-aaaj | In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). |
CVE-2022-2068
VC-OPENSSL-20220621-CVE-2022-2068 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-01-03T20:01:25.809021+00:00 | OpenSSL Importer | Fixing | VCID-w17h-u8wd-aaaj | https://www.openssl.org/news/secadv/20220621.txt | 34.0.0rc1 |
| 2024-01-03T20:01:25.753934+00:00 | OpenSSL Importer | Affected by | VCID-kn91-z545-aaan | https://www.openssl.org/news/secadv/20220705.txt | 34.0.0rc1 |
| 2024-01-03T20:01:25.623209+00:00 | OpenSSL Importer | Affected by | VCID-5khv-27u8-aaaa | https://www.openssl.org/news/secadv/20220705.txt | 34.0.0rc1 |
| 2024-01-03T20:01:25.570865+00:00 | OpenSSL Importer | Affected by | VCID-4dq2-tex3-aaac | https://www.openssl.org/news/secadv/20221011.txt | 34.0.0rc1 |
| 2024-01-03T20:01:25.516865+00:00 | OpenSSL Importer | Affected by | VCID-7z6x-p6yd-aaaa | https://www.openssl.org/news/secadv/20221101.txt | 34.0.0rc1 |
| 2024-01-03T20:01:25.462796+00:00 | OpenSSL Importer | Affected by | VCID-jhyx-3a27-aaae | https://www.openssl.org/news/secadv/20221101.txt | 34.0.0rc1 |