CVE-2022-2068

Summary

CVE: CVE-2022-2068
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2022-06-21 15:15:00 UTC
Updated: 2023-11-07 03:46:00 UTC
Description: In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).

Risk And Classification

Problem Types: CWE-78

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Broadcom | Sannav | - | All | All | All
Operating System | Debian | Debian Linux | 10.0 | All | All | All
Operating System | Debian | Debian Linux | 11.0 | All | All | All
Operating System | Fedoraproject | Fedora | 35 | All | All | All
Operating System | Fedoraproject | Fedora | 36 | All | All | All
Hardware | Netapp | Aff 8300 | - | All | All | All
Operating System | Netapp | Aff 8300 Firmware | - | All | All | All
Hardware | Netapp | Aff 8700 | - | All | All | All
Operating System | Netapp | Aff 8700 Firmware | - | All | All | All
Hardware | Netapp | Aff A400 | - | All | All | All
Operating System | Netapp | Aff A400 Firmware | - | All | All | All
Operating System | Netapp | Bootstrap Os | - | All | All | All
Application | Netapp | Element Software | - | All | All | All
Hardware | Netapp | Fas 8300 | - | All | All | All
Operating System | Netapp | Fas 8300 Firmware | - | All | All | All
Hardware | Netapp | Fas 8700 | - | All | All | All
Operating System | Netapp | Fas 8700 Firmware | - | All | All | All
Hardware | Netapp | Fas A400 | - | All | All | All
Operating System | Netapp | Fas A400 Firmware | - | All | All | All
Hardware | Netapp | H300s | - | All | All | All
Operating System | Netapp | H300s Firmware | - | All | All | All
Hardware | Netapp | H410c | - | All | All | All
Operating System | Netapp | H410c Firmware | - | All | All | All
Hardware | Netapp | H410s | - | All | All | All
Operating System | Netapp | H410s Firmware | - | All | All | All
Hardware | Netapp | H500s | - | All | All | All
Operating System | Netapp | H500s Firmware | - | All | All | All
Hardware | Netapp | H610c | - | All | All | All
Operating System | Netapp | H610c Firmware | - | All | All | All
Hardware | Netapp | H610s | - | All | All | All
Operating System | Netapp | H610s Firmware | - | All | All | All
Hardware | Netapp | H615c | - | All | All | All
Operating System | Netapp | H615c Firmware | - | All | All | All
Hardware | Netapp | H700s | - | All | All | All
Operating System | Netapp | H700s Firmware | - | All | All | All
Hardware | Netapp | Hci Compute Node | - | All | All | All
Application | Netapp | Hci Management Node | - | All | All | All
Application | Netapp | Ontap Antivirus Connector | - | All | All | All
Application | Netapp | Ontap Select Deploy Administration Utility | - | All | All | All
Application | Netapp | Santricity Smi-s Provider | - | All | All | All
Application | Netapp | Smi-s Provider | - | All | All | All
Application | Netapp | Snapmanager | - | All | All | All
Application | Netapp | Solidfire | - | All | All | All
Application | Openssl | Openssl | All | All | All | All
Application | Siemens | Sinec Ins | All | All | All | All
Application | Siemens | Sinec Ins | 1.0 | - | All | All
Application | Siemens | Sinec Ins | 1.0 | sp1 | All | All
Application | Siemens | Sinec Ins | 1.0 | sp2 | All | All

References

Reference | Source | Link | Tags
Debian -- Security Information -- DSA-5169-1 openssl | DEBIAN | www.debian.org |
git.openssl.org Git | | git.openssl.org |
git.openssl.org Git - openssl.git/commitdiff | CONFIRM | git.openssl.org |
git.openssl.org Git - openssl.git/commitdiff | | git.openssl.org |
[SECURITY] Fedora 35 Update: openssl-1.1.1q-1.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org |
[SECURITY] Fedora 36 Update: openssl1.1-1.1.1p-1.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org |
[SECURITY] Fedora 35 Update: openssl-1.1.1q-1.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org |
[SECURITY] Fedora 36 Update: openssl1.1-1.1.1p-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org |
www.openssl.org/news/secadv/20220621.txt | CONFIRM | www.openssl.org |
cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf | CONFIRM | cert-portal.siemens.com |
git.openssl.org Git - openssl.git/commitdiff | CONFIRM | git.openssl.org |
git.openssl.org Git - openssl.git/commitdiff | | git.openssl.org |
CVE-2022-2068 OpenSSL Vulnerability in NetApp Products, NetApp Product Security | CONFIRM | security.netapp.com |
git.openssl.org Git - openssl.git/commitdiff | CONFIRM | git.openssl.org |
CVE Program record | CVE.ORG | www.cve.org | canonical
NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Chancen (Qingteng 73lab)

Legacy QID Mappings

  • 160014 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-5818)
  • 160025 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-9683)
  • 160072 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-6224)
  • 179493 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 5169-1)
  • 181994 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2022-2068)
  • 198839 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerability (USN-5488-1)
  • 199873 Ubuntu Security Notification for Node.js Vulnerabilities (USN-6457-1)
  • 240588 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:5818)
  • 240641 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:6224)
  • 240996 Red Hat Update for JBoss Core Services (RHSA-2022:8840)
  • 242229 Red Hat Update for Satellite 6.11.5.6 (RHSA-2023:5980)
  • 242230 Red Hat Update for Satellite 6.12.5.2 (RHSA-2023:5979)
  • 242347 Red Hat Update for Satellite 6.14 (RHSA-2023:6818)
  • 242363 Red Hat Update for Satellite 6.13.5 (RHSA-2023:5931)
  • 282896 Fedora Security Update for openssl1.1 (FEDORA-2022-3b7d0abd0b)
  • 282968 Fedora Security Update for Open Secure Sockets Layer (OpenSSL) (FEDORA-2022-41890e9e44)
  • 296084 Oracle Solaris 11.4 Support Repository Update (SRU) 50.126.3 Missing (CPUOCT2022)
  • 296085 Oracle Solaris 11.3 Support Repository Update (SRU) 36.30.0 Missing (CPUOCT2022)
  • 330109 IBM Advanced Interactive eXecutive (AIX) Open Secure Sockets Layer (OpenSSL) Arbitrary Code Execution Vulnerability (openssl_advisory36)
  • 354035 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS-2022-1626
  • 354040 Amazon Linux Security Advisory for Open Secure Sockets Layer11 (OpenSSL11) : ALAS2-2022-1832
  • 354042 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2-2022-1831
  • 354371 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2022-2022-123
  • 354459 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2022-2022-195
  • 354579 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS-2022-195
  • 354639 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : AL2012-2022-371
  • 355250 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2023-2023-051
  • 356203 Amazon Linux Security Advisory for openssl-snapsafe : ALASOPENSSL-SNAPSAFE-2023-001
  • 357333 Amazon Linux Security Advisory for edk2 : ALAS2-2024-2502
  • 377563 Alibaba Cloud Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ALINUX3-SA-2022:0148)
  • 377937 Splunk Enterprise Multiple Vulnerabilities (svd-2022-0804)
  • 38895 Open Secure Sockets Layer (OpenSSL) Command Injection Vulnerability
  • 591193 Mitsubishi Electric GT SoftGOT2000 OS COMMAND INJECTION Vulnerability (ICSA-22-319-01, 2022-012)
  • 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
  • 672020 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-2228)
  • 672054 EulerOS Security Update for compat-openssl (EulerOS-SA-2022-2215)
  • 672094 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-2300)
  • 672096 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-2329)
  • 672153 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-2446)
  • 672162 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-2419)
  • 672172 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-2432)
  • 672251 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-2629)
  • 672447 EulerOS Security Update for linux-sgx (EulerOS-SA-2022-2852)
  • 673086 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL)111d (EulerOS-SA-2023-2162)
  • 690881 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (4eeb93bf-f204-11ec-8fbd-d4c9ef517024)
  • 730739 IBM Aspera Faspex Multiple Security Vulnerabilities (6952319)
  • 752266 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2022:2181-1)
  • 752269 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2022:2180-1)
  • 752272 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2022:2179-1)
  • 752273 SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2022:2182-1)
  • 752280 SUSE Enterprise Linux Security Update for openssl-1_0_0 (SUSE-SU-2022:2197-1)
  • 752283 SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2022:2251-1)
  • 752298 SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2022:2308-1)
  • 752301 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2022:2309-1)
  • 752308 SUSE Enterprise Linux Security Update for openssl-3 (SUSE-SU-2022:2306-1)
  • 752323 SUSE Enterprise Linux Security Update for openssl-1_0_0 (SUSE-SU-2022:2321-1)
  • 902361 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (9971)
  • 902363 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (9967)
  • 902389 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (9967-1)
  • 902477 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (9971-1)
  • 940611 AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2022:5818)
  • 940649 AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2022:6224)
  • 960214 Rocky Linux Security Update for Open Secure Sockets Layer (OpenSSL) (RLSA-2022:5818)
  • 961065 Rocky Linux Security Update for Satellite (RLSA-2023:6818)