CVE-2022-4450

Summary

CVE: CVE-2022-4450
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2023-02-08 20:15:00 UTC
Updated: 2024-02-04 09:15:00 UTC
Description: The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.
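The double free the description explains, modelled in an added C example that is not OpenSSL code: pem_read_model() is a hypothetical stand-in for PEM_read_bio_ex() over a constructed toy "NAME\nHEADER\nPAYLOAD" layout, with the defective and the fixed error path selectable, and read_payload_len() shows the caller-side pattern the description credits OpenSSL's internal callers with (never freeing the header after a failure). Everything here, including the inputs, is constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L          /* declares strndup()/strdup() */
#include <stdlib.h>
#include <string.h>

/* Constructed inputs in a toy "NAME\nHEADER\nPAYLOAD" layout, not real PEM. */
static const char GOOD_PEM[] = "CERTIFICATE\nProc-Type: 4,ENCRYPTED\nQUJDRA==";
static const char EMPTY_PEM[] = "CERTIFICATE\nProc-Type: 4,ENCRYPTED\n";

/* Stand-in for PEM_read_bio_ex(): on success the caller owns three malloc'd
 * buffers. clear_on_error == 0 reproduces the CVE-2022-4450 defect (a zero-byte
 * payload fails after *header was filled in and freed); 1 models the fix. */
static int pem_read_model(const char *in, char **name_out, char **header,
                          char **data, int clear_on_error)
{
    const char *h = strchr(in, '\n');
    const char *p = (h != NULL) ? strchr(h + 1, '\n') : NULL;
    if (h == NULL || p == NULL) return 0;   /* malformed; nothing allocated yet */
    *name_out = strndup(in, (size_t)(h - in));
    *header = strndup(h + 1, (size_t)(p - h - 1));
    if (p[1] == '\0') {                  /* zero bytes of payload data */
        free(*name_out);
        free(*header);                   /* freed, yet still visible to the caller */
        if (clear_on_error) *name_out = *header = NULL;   /* the fix */
        return 0;
    }
    *data = strdup(p + 1);
    return 1;
}

/* Defensive caller, the pattern the page credits OpenSSL's internal users with:
 * free the out-buffers only after success; on failure touch nothing. */
static long read_payload_len(const char *pem, int clear_on_error)
{
    char *name = NULL, *hdr = NULL, *data = NULL;
    if (!pem_read_model(pem, &name, &hdr, &data, clear_on_error))
        return -1;                       /* no free() here: hdr may dangle */
    long n = (long)strlen(data);
    free(name); free(hdr); free(data);
    return n;
}

/* With the fix modelled, even a caller that frees unconditionally is safe:
 * every out-pointer is NULL after a failure and free(NULL) is a no-op. */
static int outparams_null_after_failure(const char *pem)
{
    char *name = NULL, *hdr = NULL, *data = NULL;
    int ok = pem_read_model(pem, &name, &hdr, &data, 1);
    if (ok) { free(name); free(hdr); free(data); }
    return !ok && name == NULL && hdr == NULL && data == NULL;
}
```

Running the defective path (clear_on_error = 0) under AddressSanitizer with a caller that frees hdr on failure is the quickest way to see the double free reported; the defensive caller above never triggers it.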

Risk And Classification

Problem Types: CWE-415

NVD Known Affected Configurations (CPE 2.3)

Type         Vendor       Product                       Version  Update  Edition  Language
Application  Openssl      Openssl                       All      All     All      All
Application  Stormshield  Stormshield Network Security  All      All     All      All

References

Reference                                                     Source   Link                 Tags
git.openssl.org Git - openssl.git/commitdiff                  MISC     git.openssl.org
www.openssl.org/news/secadv/20230207.txt                      MISC     www.openssl.org
OpenSSL: Multiple Vulnerabilities (GLSA 202402-08) — Gentoo security  security.gentoo.org
git.openssl.org Git - openssl.git/commitdiff                  MISC     git.openssl.org
CVE Program record                                            CVE.ORG  www.cve.org          canonical
NVD vulnerability detail                                      NVD      nvd.nist.gov         canonical, analysis

Legacy QID Mappings

  • 160481 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2023-0946)
  • 160492 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2023-12152)
  • 160521 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2023-1405)
  • 160523 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2023-12213)
  • 160621 Oracle Enterprise Linux Security Update for edk2 (ELSA-2023-2165)
  • 160668 Oracle Enterprise Linux Security Update for edk2 (ELSA-2023-2932)
  • 161209 Oracle Enterprise Linux Security Update for edk2 (ELSA-2023-13026)
  • 161210 Oracle Enterprise Linux Security Update for edk2 (ELSA-2023-13024)
  • 161212 Oracle Enterprise Linux Security Update for edk2 (ELSA-2023-32791)
  • 161213 Oracle Enterprise Linux Security Update for edk2 (ELSA-2023-13025)
  • 161214 Oracle Enterprise Linux Security Update for edk2 (ELSA-2023-13027)
  • 161215 Oracle Enterprise Linux Security Update for edk2 (ELSA-2023-32790)
  • 181546 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 5343-1)
  • 181593 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DLA 3325-1)
  • 182673 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2022-4450)
  • 199150 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5844-1)
  • 200021 Ubuntu Security Notification for Node.js Vulnerabilities (USN-6564-1)
  • 241227 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2023:0946)
  • 241256 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2023:1199)
  • 241285 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2023:1405)
  • 241469 Red Hat Update for edk2 security (RHSA-2023:2165)
  • 241496 Red Hat Update for edk2 (RHSA-2023:2932)
  • 241568 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2023:3408)
  • 241574 Red Hat Update for JBoss Core Services (RHSA-2023:3354)
  • 283694 Fedora Security Update for Open Secure Sockets Layer (OpenSSL) (FEDORA-2023-57f33242bc)
  • 283709 Fedora Security Update for edk2 (FEDORA-2023-e1ffb79ddf)
  • 283736 Fedora Security Update for Open Secure Sockets Layer (OpenSSL) (FEDORA-2023-a5564c0a3f)
  • 283759 Fedora Security Update for edk2 (FEDORA-2023-e821b64a4c)
  • 330133 IBM Advanced Interactive eXecutive (AIX) Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (openssl_advisory38)
  • 354735 Amazon Linux Security Advisory for Open Secure Sockets Layer11 (OpenSSL11) : ALAS2-2023-1934
  • 355230 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2023-2023-101
  • 357333 Amazon Linux Security Advisory for edk2 : ALAS2-2024-2502
  • 378416 Alibaba Cloud Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ALINUX3-SA-2023:0033)
  • 378491 NetApp Clustered Data Open Network Technology for Appliance Products (ONTAP) Multiple OpenSSL Denial of Service (DoS) Vulnerabilities (NTAP-20230214-0011)
  • 378515 Alibaba Cloud Linux Security Update for edk2 (ALINUX3-SA-2023:0044)
  • 38894 Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities
  • 43991 Hewlett Packard Enterprise (HPE) ArubaOS Multiple Vulnerabilities (ARUBA-PSA-2023-001)
  • 502652 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
  • 502653 Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)
  • 502757 Alpine Linux Security Update for openssl
  • 502907 Alpine Linux Security Update for openssl1.1-compat
  • 505784 Alpine Linux Security Update for openssl1.1-compat
  • 672879 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-1602)
  • 672984 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-1875)
  • 673006 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-1850)
  • 673018 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-1982)
  • 673042 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-1960)
  • 673086 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL)111d (EulerOS-SA-2023-2162)
  • 673136 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-2299)
  • 673156 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-2275)
  • 673398 EulerOS Security Update for linux-sgx (EulerOS-SA-2023-3047)
  • 691051 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (648a432c-a71f-11ed-86e9-d4c9ef517024)
  • 710857 Gentoo Linux Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (GLSA 202402-08)
  • 730818 IBM MQ Appliance Multiple Security Vulnerabilities (6986567)
  • 753636 SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2023:0310-1)
  • 753640 SUSE Enterprise Linux Security Update for openssl-3 (SUSE-SU-2023:0312-1)
  • 753647 SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2023:0311-1)
  • 753649 SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2023:0309-1)
  • 905442 Common Base Linux Mariner (CBL-Mariner) Security Update for rust (13311)
  • 905450 Common Base Linux Mariner (CBL-Mariner) Security Update for rust (13332)
  • 905455 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (13323)
  • 905459 Common Base Linux Mariner (CBL-Mariner) Security Update for cloud-hypervisor (13318)
  • 905468 Common Base Linux Mariner (CBL-Mariner) Security Update for cloud-hypervisor (13347)
  • 905469 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (13351)
  • 905483 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (13323-1)
  • 905538 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (13351-1)
  • 906765 Common Base Linux Mariner (CBL-Mariner) Security Update for cloud-hypervisor (13347-1)
  • 940941 AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2023:0946)
  • 940962 AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2023:1405)
  • 941044 AlmaLinux Security Update for edk2 (ALSA-2023:2165)
  • 941103 AlmaLinux Security Update for edk2 (ALSA-2023:2932)
  • 960886 Rocky Linux Security Update for Open Secure Sockets Layer (OpenSSL) (RLSA-2023:1405)
  • 960889 Rocky Linux Security Update for Open Secure Sockets Layer (OpenSSL) (RLSA-2023:0946)
© CVE.report 2026