PT-2022-3301 · Openssl+10
Published 2022-06-21 · Updated 2026-04-27
CVE-2022-2068
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 3.0.0 through 3.0.3
OpenSSL versions 1.1.1 through 1.1.1o
OpenSSL versions 1.0.2 through 1.0.2ze
Description
The issue is related to improper encryption and a potential buffer overflow, allowing a remote attacker to obtain sensitive information or execute arbitrary code. This can be achieved by sending specially crafted requests, potentially during the establishment of a TLS connection. The c_rehash script is also affected: it allows command injection because shell metacharacters are not properly sanitized.
Recommendations
For OpenSSL versions 3.0.0 through 3.0.3, update to version 3.0.4 to resolve the issue.
For OpenSSL versions 1.1.1 through 1.1.1o, update to version 1.1.1p to resolve the issue.
For OpenSSL versions 1.0.2 through 1.0.2ze, update to version 1.0.2zf to resolve the issue.
As a temporary workaround, consider replacing the use of the c_rehash script with the openssl rehash command-line tool to minimize the risk of command injection.
Weakness Enumeration
OS Command Injection
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Ibm Aix
Linuxmint
Openssl
Red Hat
Rocky Linux
Suse
Ubuntu