Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-1292HistoryMay 03, 2022 - 4:15 p.m.
CVE-2022-1292
2022-05-0316:15:00
Debian Security Bug Tracker
security-tracker.debian.org
57
0.106 Low
EPSS
Percentile
95.1%
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | openssl | < 1.1.1o-1 | openssl_1.1.1o-1_all.deb |
| Debian | 11 | all | openssl | < 1.1.1n-0+deb11u2 | openssl_1.1.1n-0+deb11u2_all.deb |
| Debian | 10 | all | openssl | < 1.1.1n-0+deb10u2 | openssl_1.1.1n-0+deb10u2_all.deb |
| Debian | 999 | all | openssl | < 1.1.1o-1 | openssl_1.1.1o-1_all.deb |
| Debian | 13 | all | openssl | < 1.1.1o-1 | openssl_1.1.1o-1_all.deb |
Related
checkpoint_advisories
checkpoint_advisories
OpenSSL c_rehash Script Command Injection (CVE-2022-1292)
2022-11-14 00:00:00
nessus
nessus
Debian DLA-3008-1 : openssl - LTS security update
2022-05-15 00:00:00
SUSE SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2022:2106-1)
2022-06-17 00:00:00
EulerOS 2.0 SP8 : openssl (EulerOS-SA-2022-1943)
2022-06-22 00:00:00
debian
debian
[SECURITY] [DLA 3008-1] openssl security update
2022-05-15 02:10:37
[SECURITY] [DSA 5139-1] openssl security update
2022-05-17 19:10:59
mageia
mageia
Updated openssl packages fix security vulnerability
2022-05-12 13:24:45
openvas
openvas
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2022-2118)
2022-07-14 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2106-1)
2022-06-17 00:00:00
OpenSSL: c_rehash script allows command injection (CVE-2022-1292) - Linux
2022-05-04 00:00:00
amazon
amazon
Medium: openssl
2022-05-31 23:50:00
Medium: openssl11
2022-07-06 03:14:00
Medium: openssl
2022-06-30 23:38:00
githubexploit
githubexploit
Exploit for OS Command Injection in Openssl
2022-05-25 07:06:48
Exploit for OS Command Injection in Openssl
2022-09-01 07:00:00
Exploit for OS Command Injection in Openssl
2022-07-26 11:33:10
cve
cve
CVE-2022-1292
2022-05-03 16:15:00
CVE-2022-2068
2022-06-21 15:15:00
ubuntucve
ubuntucve
CVE-2022-1292
2022-05-03 00:00:00
CVE-2022-2068
2022-06-21 00:00:00
ibm
ibm
veracode
veracode
OS Command Injection
2022-05-11 10:47:23
fedora
fedora
[SECURITY] Fedora 35 Update: openssl-1.1.1o-1.fc35
2022-06-29 01:50:51
[SECURITY] Fedora 36 Update: openssl1.1-1.1.1o-1.fc36
2022-06-23 00:41:52
prion
prion
Command injection
2022-05-03 16:15:00
Command injection
2022-06-21 15:15:00
cbl_mariner
cbl_mariner
CVE-2022-1292 affecting package openssl 1.1.1k-9
2022-05-26 19:04:39
CVE-2022-1292 affecting package openssl for versions less than 1.1.1k-15
2022-06-03 17:54:02
slackware
slackware
[slackware-security] openssl
2022-05-04 21:32:34
[slackware-security] Slackware 14.2 openssl
2022-06-28 19:28:45
[slackware-security] openssl
2022-06-23 05:32:23
osv
osv
CVE-2022-1292
2022-05-03 16:15:18
openssl - security update
2022-05-14 00:00:00
openssl - security update
2022-05-17 00:00:00
cvelist
cvelist
CVE-2022-1292 The c_rehash script allows command injection
2022-05-03 00:00:00
CVE-2022-2068 The c_rehash script allows command injection
2022-06-21 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2022-1292
2022-05-03 00:00:00
Vulnerability in OpenSSL CVE-2022-2068
2022-06-21 00:00:00
redhatcve
redhatcve
CVE-2022-1292
2022-05-03 22:18:00
CVE-2022-2068
2022-06-22 06:36:12
alpinelinux
alpinelinux
CVE-2022-1292
2022-05-03 16:15:00
CVE-2022-2068
2022-06-21 15:15:00
suse
suse
Security update for openssl-1_0_0 (moderate)
2022-07-07 00:00:00
Security update for openssl-1_1 (moderate)
2022-07-04 00:00:00
Security update for openssl-1_1 (moderate)
2022-09-01 00:00:00
ics
ics
Mitsubishi Electric Multiple Factory Automation Products (Update D)
2023-02-02 12:00:00
Mitsubishi Electric Multiple Factory Automation Products (Update C)
2022-11-02 12:00:00
debiancve
debiancve
CVE-2022-2068
2022-06-21 15:15:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-3.0-0391
2022-05-06 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.1.1p-alt1
2022-06-22 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1p-alt1
2022-06-24 00:00:00
broadcom
broadcom
redhat
redhat
(RHSA-2022:8913) Moderate: Red Hat JBoss Web Server 5.7.1 release and security update
2022-12-12 12:28:19
(RHSA-2022:8917) Moderate: Red Hat JBoss Web Server 5.7.1 release and security update
2022-12-12 12:20:51
(RHSA-2022:5818) Moderate: openssl security update
2022-08-02 07:00:02
cloudlinux
cloudlinux
Fixed CVEs in openssl: CVE-2022-1292, CVE-2022-2068
2022-07-14 16:53:26
ubuntu
ubuntu
OpenSSL vulnerabilities
2022-05-26 00:00:00
f5
f5
K21600298 : OpenSSL vulnerabilities CVE-2022-1292 and CVE-2022-2068
2022-08-05 00:00:00
oraclelinux
oraclelinux
openssl security update
2022-08-05 00:00:00
openssl security update
2022-08-02 00:00:00
aix
aix
AIX is vulnerable to arbitrary command execution due to OpenSSL
2022-08-17 16:39:03