CVE-2022-0778

Published on: Not Yet Published

Last Modified on: 11/09/2022 08:43:00 PM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Certain versions of Debian Linux from Debian contain the following vulnerability:

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters.

Thus vulnerable situations include:

  • TLS clients consuming server certificates
  • TLS servers consuming client certificates
  • Hosting providers taking certificates or private keys from customers
  • Certificate authorities parsing certification requests from subscribers
  • Anything else which parses ASN.1 elliptic curve parameters

Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue.

In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature.

This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

  • CVE-2022-0778 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
  • Affected Vendor/Software: OpenSSL - OpenSSL version Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1)
  • Affected Vendor/Software: OpenSSL - OpenSSL version Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m)
  • Affected Vendor/Software: OpenSSL - OpenSSL version Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc)
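A triage helper for the upstream version ranges listed above, as an added example that is not part of this page or of OpenSSL. The function names and the inventory are constructed for illustration; it assumes OpenSSL's letter-suffix ordering for the 1.x branches (a to z, then za, zb, ...) and compares upstream version strings only, so distribution packages that backport the fix under an older version string have to be checked against the vendor advisory instead.

```python
import re

# First fixed upstream release per branch, exactly as listed on this page.
FIXED_IN = {"3.0": "3.0.2", "1.1.1": "1.1.1n", "1.0.2": "1.0.2zd"}

# Matches e.g. "1.1.1k", "1.0.2zc" or "3.0.2" inside an `openssl version` banner.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)([a-z]*)(?![\w.])")
_PRERELEASE = ("-alpha", "-beta", "-pre", "-dev")


def letter_rank(suffix):
    """Order 1.x letter releases: '' -> 0, 'a' -> 1, 'z' -> 26, 'za' -> 27."""
    if not suffix:
        return 0
    head, last = suffix[:-1], suffix[-1]
    if set(head) - {"z"}:
        # Only runs of 'z' may precede the final letter (z, za, zb, ...).
        raise ValueError("not a release letter suffix: %r" % suffix)
    return 26 * len(head) + ord(last) - ord("a") + 1


def version_key(text):
    """Return a sortable (major, minor, patch, letter_rank) tuple."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError("no OpenSSL version found in %r" % text)
    if text[match.end():].startswith(_PRERELEASE):
        raise ValueError("pre-release build, not covered by the listed ranges")
    major, minor, patch, letters = match.groups()
    return (int(major), int(minor), int(patch), letter_rank(letters))


def classify(text):
    """Return 'affected', 'fixed', 'not listed' or 'unknown' for a banner."""
    try:
        key = version_key(text)
    except ValueError:
        return "unknown"
    # 3.x branches are named major.minor; 1.x branches major.minor.patch.
    branch = "%d.%d" % key[:2] if key[0] >= 3 else "%d.%d.%d" % key[:3]
    fixed = FIXED_IN.get(branch)
    if fixed is None:
        return "not listed"  # branch is outside the ranges this page gives
    return "affected" if key < version_key(fixed) else "fixed"


def needs_attention(inventory):
    """Hosts whose banner is affected or could not be classified."""
    return sorted(host for host, banner in inventory
                  if classify(banner) in ("affected", "unknown"))


# Constructed inventory: (host, output of `openssl version` on that host).
SAMPLE_INVENTORY = [
    ("edge-proxy-01", "OpenSSL 1.1.1k  25 Mar 2021"),
    ("build-07", "OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)"),
    ("legacy-app", "OpenSSL 1.0.2zc-fips"),
    ("mail-02", "OpenSSL 1.1.1n  15 Mar 2022"),
    ("lab-01", "OpenSSL 3.0.0-beta1"),
]

if __name__ == "__main__":
    for host, banner in SAMPLE_INVENTORY:
        print("%-14s %-10s %s" % (host, classify(banner), banner))
```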

CVSS3 Score: 7.5 - HIGH

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS2 Score: 5 - MEDIUM

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

CVE References

  • [CONFIRM] CVE-2022-0778 OpenSSL Vulnerability in NetApp Products | NetApp Product Security (security.netapp.com): security.netapp.com/advisory/ntap-20220321-0002/
  • [CONFIRM] About the security content of macOS Big Sur 11.6.6 - Apple Support (support.apple.com): support.apple.com/kb/HT213256
  • [FULLDISC] Full Disclosure: APPLE-SA-2022-05-16-2 macOS Monterey 12.4 (seclists.org): 20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4
  • [CONFIRM] About the security content of macOS Monterey 12.4 - Apple Support (support.apple.com): support.apple.com/kb/HT213257
  • [MISC] Oracle Critical Patch Update Advisory - April 2022 (www.oracle.com): www.oracle.com/security-alerts/cpuapr2022.html
  • [GENTOO] OpenSSL: Multiple Vulnerabilities (GLSA 202210-02) — Gentoo security (security.gentoo.org): GLSA-202210-02
  • [CONFIRM] [R1] Nessus Versions 8.15.4 and 10.1.2 Fix One Third-Party Vulnerability - Security Advisory | Tenable® (www.tenable.com): www.tenable.com/security/tns-2022-06
  • [CONFIRM] About the security content of Security Update 2022-004 Catalina - Apple Support (support.apple.com): support.apple.com/kb/HT213255
  • [CONFIRM] [R1] Nessus Agent Versions 8.3.3 and 10.1.3 Fix One Third-Party Vulnerability - Security Advisory | Tenable® (www.tenable.com): www.tenable.com/security/tns-2022-07
  • [FEDORA] [SECURITY] Fedora 36 Update: openssl1.1-1.1.1n-1.fc36 - package-announce - Fedora Mailing-Lists (lists.fedoraproject.org): FEDORA-2022-8bb51f6901
  • [CONFIRM] git.openssl.org Git - openssl.git/commitdiff (git.openssl.org): git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246
  • [CONFIRM] [R1] Tenable.sc 5.21.0 Fixes Multiple Third-Party Vulnerabilities - Security Advisory | Tenable® (www.tenable.com): www.tenable.com/security/tns-2022-09
  • [MLIST] [SECURITY] [DLA 2952-1] openssl security update (lists.debian.org): [debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update
  • [CONFIRM] [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.19.0 to 5.20.1: Patch 202204.1 - Security Advisory | Tenable® (www.tenable.com): www.tenable.com/security/tns-2022-08
  • [DEBIAN] Debian -- Security Information -- DSA-5103-1 openssl (www.debian.org): DSA-5103
  • [CONFIRM] cert-portal.siemens.com: cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf
  • [FULLDISC] Full Disclosure: APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 (seclists.org): 20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6
  • [FEDORA] [SECURITY] Fedora 34 Update: openssl-1.1.1n-1.fc34 - package-announce - Fedora Mailing-Lists (lists.fedoraproject.org): FEDORA-2022-9e88b5d8d7
  • [CONFIRM] git.openssl.org Git - openssl.git/commitdiff (git.openssl.org): git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83
  • [CONFIRM] www.openssl.org: www.openssl.org/news/secadv/20220315.txt
  • [CONFIRM] Security Advisory (psirt.global.sonicwall.com): psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
  • [CONFIRM] April 2022 MySQL Server Vulnerabilities in NetApp Products | NetApp Product Security (security.netapp.com): security.netapp.com/advisory/ntap-20220429-0005/
  • [MISC] OpenSSL 1.0.2 / 1.1.1 / 3.0 BN_mod_sqrt() Infinite Loop ≈ Packet Storm (packetstormsecurity.com): packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html
  • [FULLDISC] Full Disclosure: APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina (seclists.org): 20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina
  • [MISC] Oracle Critical Patch Update Advisory - July 2022 (www.oracle.com): www.oracle.com/security-alerts/cpujul2022.html
  • [MLIST] [SECURITY] [DLA 2953-1] openssl1.0 security update (lists.debian.org): [debian-lts-announce] 20220317 [SECURITY] [DLA 2953-1] openssl1.0 security update
  • [FEDORA] [SECURITY] Fedora 35 Update: openssl-1.1.1n-1.fc35 - package-announce - Fedora Mailing-Lists (lists.fedoraproject.org): FEDORA-2022-a5f51502f0
  • [CONFIRM] git.openssl.org Git - openssl.git/commitdiff (git.openssl.org): git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65

Related QID Numbers

  • 159721 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-9224)
  • 159722 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-9237)
  • 159723 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-9225)
  • 159726 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-9233)
  • 159728 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-9243)
  • 159730 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-9246)
  • 159734 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-1066)
  • 159735 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-1065)
  • 159736 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-9249)
  • 159737 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-9255)
  • 159738 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-9258)
  • 159747 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-9272)
  • 159945 Oracle Enterprise Linux Security Update for compat-openssl11 (ELSA-2022-4899)
  • 159953 Oracle Enterprise Linux Security Update for compat-openssl10 (ELSA-2022-5326)
  • 179131 Debian Security Update for openssl1.0 (DLA 2953-1)
  • 179132 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DLA 2952-1)
  • 179142 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 5103-1)
  • 198702 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerability (USN-5328-1)
  • 20256 Oracle MySQL April 2022 Critical Patch Update (CPUAPR2022)
  • 240170 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:1065)
  • 240185 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:1066)
  • 240188 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:1071)
  • 240194 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:1091)
  • 240235 Red Hat Update for JBoss Core Services (RHSA-2022:1389)
  • 240410 Red Hat Update for compat-openssl11 (RHSA-2022:4899)
  • 240432 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:1078)
  • 240451 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:1077)
  • 240532 Red Hat Update for compat-openssl10 (RHSA-2022:5326)
  • 257163 CentOS Security Update for Open Secure Sockets Layer (OpenSSL) (CESA-2022:1066)
  • 282498 Fedora Security Update for Open Secure Sockets Layer (OpenSSL) (FEDORA-2022-a5f51502f0)
  • 282550 Fedora Security Update for Open Secure Sockets Layer (OpenSSL) (FEDORA-2022-9e88b5d8d7)
  • 296057 Oracle Solaris 11.4 Support Repository Update (SRU) 44.113.4 Missing (bulletinapr2022)
  • 296082 Oracle Solaris 11.4 Support Repository Update (SRU) 48.126.1 Missing (CPUJUL2022)
  • 330104 IBM Advanced Interactive eXecutive (AIX) Open Secure Sockets Layer (OpenSSL) Denial of Service (DoS) Vulnerability (openssl_advisory35)
  • 353201 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS-2022-1575
  • 353202 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL), Open Secure Sockets Layer11 (OpenSSL11) : ALAS2-2022-1766
  • 353278 Amazon Linux Security Advisory for aws-nitro-enclaves-acm, aws-nitro-enclaves-acm : ALAS2NITRO-ENCLAVES-2022-018
  • 354459 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2022-2022-195
  • 354463 Amazon Linux Security Advisory for openssl, Open Secure Sockets Layer1.1 (OpenSSL1.1) : ALAS2022-2022-041
  • 354476 Amazon Linux Security Advisory for mariadb105 : ALAS2022-2022-182
  • 354579 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS-2022-195
  • 354628 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : AL2012-2022-360
  • 355152 Amazon Linux Security Advisory for mariadb105 : ALAS2023-2023-037
  • 355250 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2023-2023-051
  • 376497 F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) Open Secure Sockets Layer (OpenSSL) Vulnerability (K31323265)
  • 376546 Oracle Java Standard Edition (SE) Critical Patch Update - April 2022 (CPUAPR2022)
  • 376558 Palo Alto Networks (GlobalProtect App) of the Openssl Infinite Loop Vulnerability (PAN-190175, PAN-190223)
  • 376559 Palo Alto Networks (GlobalProtect App) of the Openssl Infinite Loop Vulnerability (PAN-190175, PAN-190223)
  • 376560 Palo Alto Networks (GlobalProtect App) of the Openssl Infinite Loop Vulnerability (PAN-190175, PAN-190223)
  • 376561 Palo Alto Networks (GlobalProtect App) of the Openssl Infinite Loop Vulnerability (PAN-190175, PAN-190223)
  • 376562 Palo Alto Networks (GlobalProtect App) of the Openssl Infinite Loop Vulnerability (PAN-190175, PAN-190223)
  • 376563 Palo Alto Networks (GlobalProtect App) Impact of the Open Secure Sockets Layer (OpenSSL) Infinite Loop Vulnerability (PAN-190175, PAN-190223)
  • 376575 MySQL Workbench Denial of Service (DoS) Vulnerability (cpuapr2022)
  • 376603 FortiGate FortiManager and FortiAnalyzer Denial of Service (DoS) Vulnerability (FG-IR-22-059)
  • 376607 Apple macOS Security Update 2022-004 Catalina (HT213255)
  • 376608 Apple MacOS Big Sur 11.6.6 Not Installed (HT213256)
  • 376612 Apple macOS Monterey 12.4 Not Installed (HT213257)
  • 376879 Alibaba Cloud Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ALINUX2-SA-2022:0019)
  • 377105 Alibaba Cloud Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ALINUX3-SA-2022:0025)
  • 377361 Alibaba Cloud Linux Security Update for compat-openssl10 (ALINUX3-SA-2022:0130)
  • 38864 Pulse Connect Secure Denial of Service (DoS) Vulnerability (SA45100)
  • 43969 Juniper Network Operating System (Junos OS) Denial of Service (DoS) Vulnerability (JSA70180)
  • 44005 Arista EOS Denial of Service (DoS) Vulnerability (SA0075)
  • 500500 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
  • 500568 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
  • 500767 Alpine Linux Security Update for openssl
  • 501167 Alpine Linux Security Update for openssl
  • 501747 Alpine Linux Security Update for libretls
  • 501874 Alpine Linux Security Update for libressl
  • 501967 Alpine Linux Security Update for libretls
  • 501986 Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)
  • 502114 Alpine Linux Security Update for libressl
  • 502138 Alpine Linux Security Update for openjdk11
  • 502221 Alpine Linux Security Update for libretls
  • 502230 Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)
  • 502751 Alpine Linux Security Update for openssl
  • 502905 Alpine Linux Security Update for openssl1.1-compat
  • 590870 Mitsubishi Electric MELSOFT iQ AppPortal Multiple Vulnerabilities (ICSA-22-132-02)
  • 590999 PHOENIX CONTACT FL MGUARD, TC MGUARD, mGuard Device Manager and FL WLAN devices Vulnerability (VDE-2022-013)
  • 591161 Siemens SIMATIC STEP 7,SIMANTIC STEP 7 (TIA Admin),SIMATIC NET PC Software,SIMANTIC Logon,SINEC NMS and Telecontrol Server Basic Open Secure Sockets Layer (OpenSSL) Denial of Service (DoS) Vulnerability (SSA-712929)
  • 591170 Mitsubishi Electric GT SoftGOT2000 Multiple Vulnerabilities (ICSA-22-221-01)
  • 591184 Mitsubishi Electric Multiple Factory Automation Products (Update C) Multiple Vulnerabilities (ICSA-22-221-01)
  • 591311 Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)
  • 671551 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-1578)
  • 671559 EulerOS Security Update for compat-openssl10 (EulerOS-SA-2022-1559)
  • 671598 EulerOS Security Update for openssl111d (EulerOS-SA-2022-1547)
  • 671607 EulerOS Security Update for openssl098e (EulerOS-SA-2022-1546)
  • 671615 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-1545)
  • 671667 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-1753)
  • 671686 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL)098e (EulerOS-SA-2022-1754)
  • 671730 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-1812)
  • 671732 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-1795)
  • 671779 EulerOS Security Update for shim (EulerOS-SA-2022-1853)
  • 671785 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-1873)
  • 671797 EulerOS Security Update for shim (EulerOS-SA-2022-1877)
  • 671825 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-1849)
  • 672446 EulerOS Security Update for shim (EulerOS-SA-2022-2831)
  • 672447 EulerOS Security Update for linux-sgx (EulerOS-SA-2022-2852)
  • 672458 EulerOS Security Update for shim (EulerOS-SA-2022-2857)
  • 690814 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (ea05c456-a4fd-11ec-90de-1c697aa5a594)
  • 710638 Gentoo Linux Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (GLSA 202210-02)
  • 730419 McAfee Web Gateway Denial of Service (DoS) Vulnerabilities (WP-4554)
  • 730420 Palo Alto Networks (PAN-OS) Impact of the Open Secure Sockets Layer (OpenSSL) Infinite Loop Vulnerability (PAN-190175, PAN-190223)
  • 751879 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer-1_0_0 (OpenSSL-1_0_0) (SUSE-SU-2022:0857-1)
  • 751880 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2022:0854-1)
  • 751881 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer-1_1 (OpenSSL-1_1) (SUSE-SU-2022:0851-1)
  • 751882 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer-1_0_0 (OpenSSL-1_0_0) (SUSE-SU-2022:0856-1)
  • 751886 SUSE Enterprise Linux Security Update for Compat-Open Secure Sockets Layer098 (Compat-OpenSSL098) (SUSE-SU-2022:0859-1)
  • 751887 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer-1_1 (OpenSSL-1_1) (SUSE-SU-2022:0853-1)
  • 751888 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer-1_1 (OpenSSL-1_1) (SUSE-SU-2022:0860-1)
  • 751893 OpenSUSE Security Update for openssl-1_0_0 (openSUSE-SU-2022:0856-1)
  • 752086 SUSE Enterprise Linux Security Update for nodejs14 (SUSE-SU-2022:1462-1)
  • 752088 SUSE Enterprise Linux Security Update for nodejs12 (SUSE-SU-2022:1461-1)
  • 753099 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2022:14915-1)
  • 87523 Apache Httpd Server Open Secure Sockets Layer (OpenSSL) Denial of Service (DoS) Vulnerability
  • 900761 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (9049)
  • 900949 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (9051-1)
  • 940475 AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2022:1065)
  • 940592 AlmaLinux Security Update for compat-openssl10 (ALSA-2022:5326)
  • 960119 Rocky Linux Security Update for Open Secure Sockets Layer (OpenSSL) (RLSA-2022:1065)
  • 960339 Rocky Linux Security Update for compat-openssl10 (RLSA-2022:5326)
  • 960469 Rocky Linux Security Update for compat-openssl11 (RLSA-2022:4899)

Exploit/POC from Github

Proof of concept for CVE-2022-0778 in P12 and PEM format

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Debian | Debian Linux | 10.0 | All | All | All
Operating System | Debian | Debian Linux | 11.0 | All | All | All
Operating System | Debian | Debian Linux | 9.0 | All | All | All
Operating System | Fedoraproject | Fedora | 34 | All | All | All
Operating System | Fedoraproject | Fedora | 35 | All | All | All
Operating System | Fedoraproject | Fedora | 36 | All | All | All
Application | Mariadb | Mariadb | All | All | All | All
Hardware Device Info | Netapp | 500f | - | All | All | All
Operating System | Netapp | 500f Firmware | - | All | All | All
Hardware Device Info | Netapp | A250 | - | All | All | All
Operating System | Netapp | A250 Firmware | - | All | All | All
Application | Netapp | Cloud Volumes Ontap Mediator | - | All | All | All
Application | Netapp | Clustered Data Ontap | - | All | All | All
Application | Netapp | Clustered Data Ontap Antivirus Connector | - | All | All | All
Application | Netapp | Santricity Smi-s Provider | - | All | All | All
Application | Netapp | Storagegrid | - | All | All | All
Application | Nodejs | Node.js | All | All | All | All
Application | Nodejs | Node.js | All | All | All | All
Application | Nodejs | Node.js | All | All | All | All
Application | Nodejs | Node.js | All | All | All | All
Application | Nodejs | Node.js | All | All | All | All
Application | Openssl | Openssl | All | All | All | All
Application | Tenable | Nessus | All | All | All | All
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*:
  • cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*:
  • cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*:
  • cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*:
  • cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*:
  • cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*:
  • cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*:
  • cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*:
  • cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*:

Discovery Credit

Tavis Ormandy (Google)
