
Elison Niven

#25514 of 53,632
9.8 Total CVSS
Vulnerabilities · 1
PT-2022-2691
9.8
2022-04-02
Openssl · Openssl · CVE-2022-1292
**Name of the Vulnerable Software and Affected Versions**

- OpenSSL versions 1.0.2 through 1.0.2zd
- OpenSSL versions 1.1.1 through 1.1.1n
- OpenSSL versions 3.0.0 through 3.0.2

**Description**

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.

**Recommendations**

- For OpenSSL versions 1.0.2 through 1.0.2zd, update to version 1.0.2ze.
- For OpenSSL versions 1.1.1 through 1.1.1n, update to version 1.1.1o.
- For OpenSSL versions 3.0.0 through 3.0.2, update to version 3.0.3.

As a temporary workaround, consider disabling the c_rehash script until a patch is available. Restrict access to the vulnerable script to minimize the risk of exploitation.