A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the c_rehash
script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script.
As mentioned in the upstream security advisory, use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command-line tool.