CVE-2022-0778

🗓️ 15 Mar 2022 17:05:20Reported by opensslType

cve🔗 web.nvd.nist.gov📰️ 9 Media mentions👁 1341 Views🌐 WEB

The BN_mod_sqrt() function in OpenSSL before 3.0.2, 1.1.1n, and 1.0.2zd allows attackers to cause a denial of service via crafted certificates or private keys

Reporter	Title	Published	Views	Family All 936
IBM Security Bulletins	Security Bulletin: Denial of Service vulnerability in OpenSSL may affect IBM Spectrum Protect Backup-Archive Client (CVE-2022-0778)	29 Jun 202219:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Safer Payments is vulnerable to OpenSSL Denial of Sevice Attack (CVE-2022-0778)	25 Apr 202307:58	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2022-0778	12 May 202215:33	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2022-1292, CVE-2022-0778)	25 Jul 202214:51	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in node.js	14 Apr 202215:54	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues	30 Nov 202318:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN module have multiple vulnerabilities (CVE-2021-22060, CVE-2022-22950, CVE-2022-0547, CVE-2022-0778, CVE-2022-22965)	6 Jun 202218:27	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service due to CVE-2022-0778	28 Apr 202211:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from expat, Golang Go, gcc, openssl and libxml.	16 May 202206:59	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Storage Defender – Data Protect	26 Mar 202503:57	–	ibm

NVD

Vulners

Node

openssl opensslRange1.0.2–1.0.2zd

openssl opensslRange1.1.0–1.1.1n

openssl opensslRange3.0.0–3.0.2

Node

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

debian debian_linuxMatch11.0

Node

netapp cloud_volumes_ontap_mediatorMatch-

netapp clustered_data_ontapMatch-

netapp clustered_data_ontap_antivirus_connectorMatch-

netapp santricity_smi-s_providerMatch-

netapp storagegridMatch-

Node

netapp a250_firmwareMatch-

AND

netapp a250Match-

Node

netapp 500f_firmwareMatch-

AND

netapp 500fMatch-

Node

fedoraproject fedoraMatch34

fedoraproject fedoraMatch36

Node

tenable nessusRange<8.15.4

tenable nessusRange10.0.0–10.1.2

Node

mariadb mariadbRange10.2.0–10.2.42

mariadb mariadbRange10.3.0–10.3.33

mariadb mariadbRange10.4.0–10.4.23

mariadb mariadbRange10.5.0–10.5.14

mariadb mariadbRange10.6.0–10.6.6

mariadb mariadbRange10.7.0–10.7.2

Node

nodejs node.jsRange12.0.0–12.12.0-

nodejs node.jsRange12.13.0–12.22.11lts

nodejs node.jsRange14.0.0–14.14.0-

nodejs node.jsRange14.15.0–14.19.1lts

nodejs node.jsRange16.0.0–16.12.0-

nodejs node.jsRange16.13.0–16.14.2lts

nodejs node.jsRange17.0.0–17.7.2-

[
  {
    "vendor": "OpenSSL",
    "product": "OpenSSL",
    "versions": [
      {
        "version": "Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1)",
        "status": "affected"
      },
      {
        "version": "Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m)",
        "status": "affected"
      },
      {
        "version": "Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc)",
        "status": "affected"
      }
    ]
  }
]

Source	Link
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf
git	www.git.openssl.org/gitweb/
support	www.support.apple.com/kb/HT213255
oracle	www.oracle.com/security-alerts/cpuapr2022.html
seclists	www.seclists.org/fulldisclosure/2022/May/38
oracle	www.oracle.com/security-alerts/cpujul2022.html
security	www.security.netapp.com/advisory/ntap-20240621-0006/
git	www.git.openssl.org/gitweb/
git	www.git.openssl.org/gitweb/

Parameter	Position	Path	Description	CWE
crafted DER certificate loaded from disk	path	github.com/drago-96/CVE-2022-0778	POC describes injecting a crafted certificate into the TLS Certificate message to trigger an infinite loop/DoS in vulnerable implementations (CVE-2022-0778).	CWE-835
Certificate message in TLS handshake	path	github.com/drago-96/CVE-2022-0778	POC describes injecting a crafted certificate into the TLS Certificate message to trigger an infinite loop/DoS in vulnerable implementations (CVE-2022-0778).	CWE-835
ServerCertificate parsing potentially triggered by crafted certificate	path	github.com/drago-96/CVE-2022-0778	POC describes injecting a crafted certificate into the TLS Certificate message to trigger an infinite loop/DoS in vulnerable implementations (CVE-2022-0778).	CWE-835
TLSConnection._clientKeyExchange override	path	github.com/tlsfuzzer/tlslite-ng	References tlslite-ng tooling/framework used to override client key exchange and inject crafted certificate data during TLS handshake to reproduce the vulnerability.	CWE-835
ClientHello/ServerHello processing	path	github.com/tlsfuzzer/tlslite-ng	References tlslite-ng tooling/framework used to override client key exchange and inject crafted certificate data during TLS handshake to reproduce the vulnerability.	CWE-835
triggering Certificate message handling with crafted certificate	path	github.com/tlsfuzzer/tlslite-ng	References tlslite-ng tooling/framework used to override client key exchange and inject crafted certificate data during TLS handshake to reproduce the vulnerability.	CWE-835