Important: openssl

🗓️ 22 Mar 2023 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 7 Views

OpenSSL bug in BN_mod_sqrt() can lead to denial of service via crafted certificates and keys.

Reporter	Title	Published	Views	Family All 2025
IBM Security Bulletins	Security Bulletin:IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl, pcre2 and Golang Go	31 Aug 202216:17	–	ibm
IBM Security Bulletins	Security Bulletin: Denial of Service vulnerability in OpenSSL may affect IBM Spectrum Protect Backup-Archive Client (CVE-2022-0778)	29 Jun 202219:05	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for Febuary 2023	10 Mar 202318:29	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Safer Payments is vulnerable to OpenSSL Denial of Sevice Attack (CVE-2022-0778)	25 Apr 202307:58	–	ibm
IBM Security Bulletins	Security Bulletin: API Connect is impacted by a vulnerability in OpenSSL (CVE-2022-3602, CVE-2022-3786)	8 Dec 202220:16	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2022-0778	12 May 202215:33	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2022-1292, CVE-2022-0778)	25 Jul 202214:51	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in node.js	14 Apr 202215:54	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues	30 Nov 202318:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN module have multiple vulnerabilities (CVE-2021-22060, CVE-2022-22950, CVE-2022-0547, CVE-2022-0778, CVE-2022-22965)	6 Jun 202218:27	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	openssl	3.0.5-1.amzn2023.0.4	openssl-3.0.5-1.amzn2023.0.4.aarch64.rpm
Amazon Linux	2	x86_64	openssl	3.0.5-1.amzn2023.0.4	openssl-3.0.5-1.amzn2023.0.4.x86_64.rpm
Amazon Linux	2	aarch64	openssl-debuginfo	3.0.5-1.amzn2023.0.4	openssl-debuginfo-3.0.5-1.amzn2023.0.4.aarch64.rpm
Amazon Linux	2	x86_64	openssl-debuginfo	3.0.5-1.amzn2023.0.4	openssl-debuginfo-3.0.5-1.amzn2023.0.4.x86_64.rpm
Amazon Linux	2	aarch64	openssl-debugsource	3.0.5-1.amzn2023.0.4	openssl-debugsource-3.0.5-1.amzn2023.0.4.aarch64.rpm
Amazon Linux	2	x86_64	openssl-debugsource	3.0.5-1.amzn2023.0.4	openssl-debugsource-3.0.5-1.amzn2023.0.4.x86_64.rpm
Amazon Linux	2	aarch64	openssl-devel	3.0.5-1.amzn2023.0.4	openssl-devel-3.0.5-1.amzn2023.0.4.aarch64.rpm
Amazon Linux	2	x86_64	openssl-devel	3.0.5-1.amzn2023.0.4	openssl-devel-3.0.5-1.amzn2023.0.4.x86_64.rpm
Amazon Linux	2	aarch64	openssl-libs	3.0.5-1.amzn2023.0.4	openssl-libs-3.0.5-1.amzn2023.0.4.aarch64.rpm
Amazon Linux	2	x86_64	openssl-libs	3.0.5-1.amzn2023.0.4	openssl-libs-3.0.5-1.amzn2023.0.4.x86_64.rpm

22 Mar 2023 00:00Current

8.3High risk

Vulners AI Score8.3

CVSS 210

CVSS 3.17.5 - 9.8

EPSS0.83506

SSVC

openssl security vulnerability bn_mod_sqrt function denial of service attack elliptic curve parameters fixed versions cve-2022-0778