Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-68614
HistoryAug 29, 2022 - 12:00 a.m.

OpenSSL has a denial of service vulnerability

2022-08-2900:00:00
China National Vulnerability Database
www.cnvd.org.cn
17
openssl
denial of service
bn_mod_sqrt()
cryptographic library
ssl
tls
vulnerability
wireless loop
certificate resolution
application security

EPSS

0.021

Percentile

89.7%

OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer (SSLv2/v3) and Secure Transport Layer (TLSv1) protocols. A denial of service vulnerability exists in OpenSSL due to an error in the BN_mod_sqrt() function that calculates the square root of a modulus, which could lead to a wireless loop for non-prime moduli. An attacker could send a special function parameter value to exploit the vulnerability to cause the application to trigger a denial of service during the certificate resolution process.