CVE-2022-1292

🗓️ 03 May 2022 15:15:19Reported by opensslType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 1248 Views🌐 WEB

The c_rehash script allows command injection via shell metacharacters. Use OpenSSL rehash tool as replacement. Fixed in versions 3.0.3, 1.1.1o, 1.0.2ze

Reporter	Title	Published	Views	Family All 641
IBM Security Bulletins	Security Bulletin:IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl, pcre2 and Golang Go	31 Aug 202216:17	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2022-1292, CVE-2022-0778)	25 Jul 202214:51	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Storage Defender – Data Protect	26 Mar 202503:57	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2022-0778, CVE-2022-1292)	26 Jul 202212:02	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of OpenSSL, IBM Virtualization Engine TS7700 is vulnerable to denial of service (CVE-2022-0778) and privilege escalation (CVE-2022-1292)	29 Aug 202223:14	–	ibm
IBM Security Bulletins	Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2022-1292 and CVE-2022-2068) or an attacker may obtain sensitive information (CVE-2022-2097) due to OpenSSL	19 Aug 202216:02	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Server	25 Jan 202316:00	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents	21 Sep 202220:55	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities.	11 Apr 202311:47	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Linux Kernel, OpenSSL, Golang Go, and Zlib may affect IBM Spectrum Protect Plus	17 Sep 202206:09	–	ibm

NVD

Vulners

Node

siemens brownfield_connectivity_gatewayRange<2.15

Node

openssl opensslRange1.0.2–1.0.2ze

openssl opensslRange1.1.1–1.1.1o

openssl opensslRange3.0.0–3.0.3

Node

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

debian debian_linuxMatch11.0

Node

netapp active_iq_unified_managerMatch-vmware_vsphere

netapp active_iq_unified_managerMatch-vsphere

netapp active_iq_unified_managerMatch-windows

netapp clustered_data_ontapMatch-

netapp clustered_data_ontap_antivirus_connectorMatch-

netapp oncommand_insightMatch-

netapp oncommand_workflow_automationMatch-

netapp santricity_smi-s_providerMatch-

netapp smi-s_providerMatch-

netapp snapcenterMatch-

netapp snapmanagerMatch-hyper-v

netapp solidfire,_enterprise_sds_&_hci_storage_nodeMatch-

netapp solidfire_&_hci_management_nodeMatch-

Node

netapp a700s_firmwareMatch-

AND

netapp a700sMatch-

Node

netapp h300s_firmwareMatch-

AND

netapp h300sMatch-

Node

netapp h500s_firmwareMatch-

AND

netapp h500sMatch-

Node

netapp h700s_firmwareMatch-

AND

netapp h700sMatch-

Node

netapp h300e_firmwareMatch-

AND

netapp h300eMatch-

Node

netapp h500e_firmwareMatch-

AND

netapp h500eMatch-

Node

netapp h700e_firmwareMatch-

AND

netapp h700eMatch-

Node

netapp h410s_firmwareMatch-

AND

netapp h410sMatch-

Node

netapp aff_8300_firmwareMatch-

AND

netapp aff_8300Match-

Node

netapp fas_8300_firmwareMatch-

AND

netapp fas_8300Match-

Node

netapp aff_8700_firmwareMatch-

AND

netapp aff_8700Match-

Node

netapp fas_8700_firmwareMatch-

AND

netapp fas_8700Match-

Node

netapp aff_a400_firmwareMatch-

AND

netapp aff_a400Match-

Node

netapp fabric-attached_storage_a400_firmwareMatch-

AND

netapp fabric-attached_storage_a400Match-

Node

netapp a250_firmwareMatch-

AND

netapp a250Match-

Node

netapp aff_500f_firmwareMatch-

AND

netapp aff_500fMatch-

Node

netapp fas_500f_firmwareMatch-

AND

netapp fas_500fMatch-

Node

oracle enterprise_manager_ops_centerMatch12.4.0.0

oracle mysql_serverRange5.0.0–5.7.38

oracle mysql_serverRange8.0.0–8.0.29

oracle mysql_workbenchRange≤8.0.29

Node

fedoraproject fedoraMatch35

fedoraproject fedoraMatch36

[
  {
    "vendor": "OpenSSL",
    "product": "OpenSSL",
    "versions": [
      {
        "version": "Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)",
        "status": "affected"
      },
      {
        "version": "Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n)",
        "status": "affected"
      },
      {
        "version": "Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd)",
        "status": "affected"
      }
    ]
  }
]

Source	Link
git	www.git.openssl.org/gitweb/
security	www.security.netapp.com/advisory/ntap-20220602-0009/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/
git	www.git.openssl.org/gitweb/
openssl	www.openssl.org/news/secadv/20220503.txt
psirt	www.psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011
security	www.security.netapp.com/advisory/ntap-20220729-0004/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/
security	www.security.gentoo.org/glsa/202210-02
lists	www.lists.debian.org/debian-lts-announce/2022/05/msg00019.html

Parameter	Position	Path	Description	CWE
filename	path	/etc/ssl/certs/	Command injection via unsafely sanitized shell metacharacters in filenames processed by c_rehash (triggered by update-ca-certificates), enabling arbitrary commands.	CWE-78

13 Aug 2025 14:15Current

9High risk

Vulners AI Score9

CVSS 3.17.3 - 9.8

CVSS 210

EPSS0.38894

SSVC

CWE-78